Feds Suspect LastPass Hackers Stole $150 Million In Crypto From One Person

Three years after password manager LastPass was breached, twice, we're finally beginning to see the repercussions, and they are sizable. According to just-unsealed court records, one victim of the hack lost cryptocurrency that today would be worth three-quarters of a billion dollars.

The victim's loss is estimated to be 283,326,127 in XRP cryptocurrency, which was stolen from their LastPass account in January 2024. However, thanks to a massive spike in cryptocurrency values following the election of President Trump, the stolen funds are now worth some $716 million. This staggering increase in value highlights the significant impact that cybercrime can have on individuals and the cryptocurrency market as a whole.

"The scale of the theft and rapid dissipation of funds would have required the efforts of multiple malicious actors," said federal investigators with the U.S. Secret Service. "This loss will be especially galling to the victim, an anonymous San Francisco resident who believed they had taken reasonable steps to protect their accounts."

According to a colleague of the victim who helped manage their crypto, all physical documentation of the private key for the wallets was destroyed and the master password to access the LastPass account was "a long, unique" one, per the warrant. This suggests that the victim took extra precautions to secure their accounts, but ultimately fell victim to the sophisticated hacking techniques employed by the LastPass hackers.

Agents came to believe the LastPass hackers were behind the theft because it bore similarities to other hacks investigated by the FBI that were tied to those 2022 attacks. When the Secret Service examined devices used to access the victim's LastPass accounts, they found no other indicators they'd been infected, and there was a "similar theft typology" to those other attacks being probed by the FBI, according to the warrant.

Since the start of the investigation last year, the Secret Service has been tracing the funds through myriad exchanges around the world, while hackers work to launder the crypto at speed. The investigation is ongoing and more seizures could be imminent. There are currently no named suspects in the case.

The funds were traced to crypto accounts owned by a number of Russian and Latvian residents. While the seizure warrant was initially for only $23 million in stolen funds, the scope of the investigation suggests that much larger sums may be recovered in the future. As of yet, there are no conclusive findings that connect any crypto thefts to the LastPass breach.

"Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement," said a spokesperson for LastPass. "To date, our law enforcement partners have not made us aware of any conclusive evidence that connects any crypto thefts to our incident. In the meantime, we have been investing heavily in enhancing our security measures and will continue to do so."

The investigation is also part of a larger trend in cryptocurrency theft, with other notable incidents including the $1.5 billion heist from the Bybit exchange in February. The FBI and crypto researchers claimed North Korea was behind the hit.