Update March 07, 14:40 EST: LastPass sent the following statement after publishing time:
Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement. To date, our law enforcement partners have not made us aware of any conclusive evidence that connects any crypto thefts to our incident.
US seizes $23 million in crypto stolen via password manager breach
- Investigators believe hackers who breached LastPass in 2022 were behind the attack.
Despite the threat actors' efforts, law enforcement agents traced $23,604,815.09 of the stolen digital assets between June 2024 and February 2025 to the following cryptocurrency exchanges:
- OKX,
- Payward Interactive, Inc. (dba Kraken),
- WhiteBIT,
- AscendEX Technology SRL,
- Ftrader Ltd (dba FixedFloat),
- SwapSpace LLC, and
- Rabbit Finance LLC (dba CoinRabbit).
A forfeiture complaint unsealed by the U.S. Justice Department yesterday and first spotted by crypto fraud investigator ZachXBT reveals that U.S. Secret Service agents who interviewed the victim believe the attackers could have only stolen the cryptocurrency using private keys extracted by cracking the victim's password vault stolen in a 2022 breach of an online password manager.
They found that the stolen data and passwords stored in several victims' password manager accounts were used by attackers to access "their electronic accounts and steal information, cryptocurrency, and other data."
They also discovered no evidence that the victim's devices were hacked, which points to the decryption of the stolen online password manager data as the only way the attackers could have obtained the keys needed to compromise the victim's crypto wallet.
"The scale of a theft and rapid dissipation of funds would have required the efforts of multiple malicious actors, and was consistent with the online password manager breaches and attack on other victims whose cryptocurrency was stolen," the complaint reads.
"For these reasons, law enforcement agents believe the cryptocurrency stolen from Victim was committed by the same attackers who conducted the attack on the online password manager, and cryptocurrency thefts from other similarly situated victims."
Crypto theft linked to LastPass hacks
While the investigators didn't name the online password manager, the complaint says that the platform was hit by "two major data breaches" in August 2022 and November 2022.
This timeline aligns with security breaches disclosed by LastPass three years ago when the company said that attackers stole source code and proprietary technical information, as well as customer vault data, after breaching its cloud storage.
Since then, multiple security experts have shared that they believe the LastPass hackers have cracked some of the stolen vault data and used the extracted private keys and credentials in major cryptocurrency heists.
Even though the investigators didn't identify the victim, the details match the hack and the theft of $150 million in cryptocurrency from Ripple co-founder and executive chairman Chris Larsen, which was disclosed on January 31, 2024.
A Ripple spokesperson was not immediately available when BleepingComputer reached out for comment earlier today.