FBI Links $150 Million Cryptocurrency Heist to LastPass Security Breach

Federal agents confirm LastPass breach linked to massive cryptocurrency heists

  • Federal agents have confirmed that the $150 million crypto heist in January 2024 is linked to the 2022 LastPass breach.
  • Attackers targeted cryptocurrency seed phrases stored in LastPass “Secure Notes,” with no evidence of typical precursor attacks.
  • Legacy LastPass users were particularly vulnerable due to weaker encryption standards and fewer password iterations.

Federal investigators have officially linked a massive $150 million cryptocurrency theft to the 2022 breach of password manager LastPass. Court documents reveal that hackers who compromised the password management service have been systematically targeting users who stored cryptocurrency seed phrases in their LastPass vaults, successfully cracking master passwords to gain unauthorized access to digital assets.

The January 30, 2024 heist, which represents one of the largest cryptocurrency thefts tied to the breach, is believed to have targeted Chris Larsen, co-founder of cryptocurrency platform Ripple, according to blockchain security researcher ZachXBT. Federal prosecutors in Northern California have already seized approximately $24 million in cryptocurrencies connected to this theft.

The U.S. Secret Service and FBI investigation found that attackers gained unauthorized access to victims’ accounts using data stolen directly from LastPass. Security researchers Nick Bax and Taylor Monahan, who have been working with dozens of victims, discovered a consistent pattern: all affected users had stored cryptocurrency seed phrases in LastPass’s “Secure Notes” feature prior to the 2022 breaches.

Notably absent from these cases were typical precursor attacks such as email compromises, mobile phone account takeovers, or SIM-swapping—techniques commonly used in cryptocurrency thefts. Instead, once attackers gained access, they rapidly moved stolen funds across numerous cryptocurrency exchanges to obscure the trail.

The LastPass breach timeline reveals a progressive escalation of risk. On August 25, 2022, LastPass CEO Karim Toubba announced that the company detected unusual activity in its development environment, resulting in source code theft. By September 15, the company maintained no customer data had been accessed. However, by November 30, LastPass disclosed that criminals had acquired encrypted password vaults and personal information.

This breach gave attackers offline access to encrypted vaults, allowing them to attempt brute-force attacks against master passwords. Researchers discovered that longtime LastPass users were particularly vulnerable due to weaker encryption standards. These legacy accounts were protected by fewer “iterations”—the number of times a password runs through encryption routines—making them significantly easier to crack with modern computing power.
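To make the iteration point concrete, here is an added example (not from the article or from LastPass) that audits vault records against a minimum iteration count and estimates how the per-guess cost scales. It assumes PBKDF2-HMAC-SHA256 as the key-derivation function, which the article does not name; the account records, iteration counts, policy floor and attacker rate are all constructed values.

```python
import hashlib

# Constructed sample records; iteration counts and password strengths are
# illustrative assumptions, not figures from the article.
ACCOUNTS = [
    {"user": "legacy-a", "iterations": 5_000, "password_bits": 40},
    {"user": "legacy-b", "iterations": 100_100, "password_bits": 40},
    {"user": "current", "iterations": 600_000, "password_bits": 40},
]
POLICY_MIN_ITERATIONS = 600_000  # assumed policy floor
ATTACKER_HMAC_PER_SEC = 1e10     # assumed offline attacker throughput


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte vault key; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def expected_crack_days(password_bits: int, iterations: int,
                        rate: float = ATTACKER_HMAC_PER_SEC) -> float:
    """Average case: half the keyspace is searched, and every guess costs
    roughly `iterations` HMAC-SHA256 evaluations."""
    guesses = 2 ** (password_bits - 1)
    return guesses * iterations / rate / 86_400


def audit(accounts, minimum: int = POLICY_MIN_ITERATIONS):
    """Flag accounts whose stored iteration count is below the policy floor."""
    findings = []
    for acct in accounts:
        iters = acct["iterations"]
        findings.append({
            "user": acct["user"],
            "below_policy": iters < minimum,
            # How many times cheaper each offline guess is than at the floor.
            "cost_factor": minimum / iters,
            "crack_days": expected_crack_days(acct["password_bits"], iters),
        })
    return findings


if __name__ == "__main__":
    for f in audit(ACCOUNTS):
        print(f"{f['user']:9} below_policy={f['below_policy']!s:5} "
              f"guess_cost=1/{f['cost_factor']:.0f} of policy  "
              f"~{f['crack_days']:.1f} days to crack on average")
```

Because the derived key depends on the iteration count, raising it after a vault has been stolen does nothing for the stolen copy; secrets stored in that copy still need to be rotated.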

Despite the growing evidence, LastPass maintains there is no definitive proof linking the cyberheists to their breaches. The company states it has cooperated with law enforcement and invested in enhanced security measures.

Security researchers have criticized LastPass’s response, arguing that more proactive customer alerts about the risks to “Secure Notes” could have prevented millions in losses. “After issuing the initial warning, I hoped users would migrate their funds to new cryptocurrency wallets. However, the continued thefts show how much more needs to be done,” Bax noted.

Monahan expressed stronger criticism, suggesting that “LastPass could have encouraged users to rotate their credentials and prevented further thefts but instead chose to deny the risks and blame the victims.” Recent reports indicate additional thefts occurred as recently as December, suggesting the attackers continue to exploit data from the breach.
