CyberSecurity news
FlagThis
Thomas Brewster,@Thomas Fox-Brewster
//
Federal agents have linked a $150 million cryptocurrency heist to the 2022 LastPass data breach. U.S. authorities have seized over $23 million in cryptocurrency related to the January 2024 theft from a Ripple crypto wallet, with investigators believing hackers who breached LastPass in 2022 were responsible. These findings align with those published by KrebsOnSecurity in September 2023, which highlighted a series of six-figure cyberheists resulting from cracked master passwords stolen from LastPass.
The U.S. Secret Service and FBI investigations support the conclusion that the same attackers behind the LastPass breach used a stolen password from the victim's online password manager to access their cryptocurrency wallet. The stolen XRP, initially valued at $150 million, is now worth $716 million. The Secret Service continues to trace the funds through various exchanges, noting that the scale and rapid dissipation of funds required multiple malicious actors, consistent with the online password manager breaches and attacks on other victims.
ImgSrc: imageio.forbes.
References :
The U.S. Secret Service and FBI investigations support the conclusion that the same attackers behind the LastPass breach used a stolen password from the victim's online password manager to access their cryptocurrency wallet. The stolen XRP, initially valued at $150 million, is now worth $716 million. The Secret Service continues to trace the funds through various exchanges, noting that the scale and rapid dissipation of funds required multiple malicious actors, consistent with the online password manager breaches and attacks on other victims.
ImgSrc: imageio.forbes.
Share:
References :
- bsky.app: U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
- BrianKrebs: New, by me: Feds Link $150M Cyberheist to 2022 LastPass Hacks In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
- krebsonsecurity.com: Feds Link $150M Cyberheist to 2022 LastPass Hacks
- The DefendOps Diaries: The Seizure of $23 Million in Cryptocurrency: A Detailed Analysis of the Ripple Wallet Hack Linked to LastPass Breach
- Thomas Fox-Brewster: Feds Suspect LastPass Hackers Stole $150 Million In Crypto From One Person
- securityaffairs.com: Feds seized $23 million in crypto stolen using keys from LastPass breaches
- www.scworld.com: LastPass hack leveraged to facilitate $150M crypto heist
Classification:
- HashTags: #LastPass #CryptoTheft #Cyberheist
- Company: LastPass
- Target: LastPass users
- Attacker: US DOJ
- Product: LastPass
- Feature: Password theft
- Type: DataBreach
- Severity: Major