LastPass hack leveraged to facilitate $150M crypto heist

Threat actors who compromised the widely used password manager service LastPass in 2022 used stolen master passwords to exfiltrate $150 million worth of cryptocurrency, U.S. law enforcement agencies have disclosed, according to KrebsOnSecurity. Blockchain security researcher ZachXBT reported that the targeted wallet belongs to Ripple co-founder Chris Larsen.

ZachXBT also noted that the feds have already requested nearly $24 million of the cryptocurrency assets stolen in a January 2024 heist. Federal investigators regarded the attack and the subsequent laundering of funds as involving the effort of various attackers and as resembling intrusions against online password managers and other crypto heist victims.

However, LastPass disclosed that it has yet to obtain evidence definitively associating the attack against its systems with the theft of cryptocurrency.

"...[O]ur law enforcement partners have not made us aware of any conclusive evidence that connects any crypto thefts to our incident. In the meantime, we have been investing heavily in enhancing our security measures and will continue to do so," said LastPass.