On October 25th, cybercriminals siphoned off a whopping $4.4 million in cryptocurrency, reportedly using private keys and passphrases stored in stolen LastPass vault data. This substantial crypto theft has sparked an intense investigation by fraud researchers who specialize in cryptocurrency-related crime.
Cryptobros are Super Sleuthing It
Leading the investigation are ZachXBT and Taylor Monahan, a developer for MetaMask, who have been unmasking the plot inch by inch. In conversation with BleepingComputer, ZachXBT described how the investigation works: they interview victims who reach out to them and also identify likely victims by following the tangled web of blockchain transactions.
Interestingly, their collective analysis points to the LastPass password manager as the common link across these illicit transactions. A data theft in 2022 appears to have sealed the fate of at least 25 individuals, who lost a cumulative $4.4 million as a result of the LastPass breach, as ZachXBT shared in a tweet.
Back in 2022, LastPass was dealt a double blow when it suffered not one but two data breaches. The intruders acquired a trove of customer data, source code, and production backups. Those backups, held in cloud storage, contained customers' encrypted password vaults, and the threat actors also obtained the keys needed to access the backups.
Karim Toubba, CEO of LastPass at the time, attempted to assuage concerns by emphasizing that the stolen vaults were encrypted and that only their rightful owners held the master passwords needed to decrypt them. As long as account holders had used robust master passwords, their digital wealth ought to have been safe.
Weaker master passwords, on the other hand, were a beacon for trouble. Urging users to update their master passwords, LastPass underlined that simpler passwords are vulnerable to brute-force cracking, especially when it is carried out with GPU-accelerated cracking software.
Password Vaults are the Target
As the joint inquiry by Monahan and ZachXBT suggests, these cyber felons appear to be focused on cracking the stolen password vaults and harvesting valuable digital assets such as cryptocurrency wallet passphrases, credentials, and private keys. Once a vault is unlocked, its contents allow the attackers to funnel cryptocurrency out of the victim's wallets and into their own.
Based on Brian Krebs' research, the same threat group appears to be behind other such incidents, amassing a total of over $35 million in stolen funds. This is echoed by Monahan's tweet in August, in which Monahan expressed the conviction that the majority of these compromised accounts were linked to LastPass thefts.
The data points to successful attacks powered by information stolen from LastPass and underscores the need for users who held LastPass accounts during the August and December 2022 breaches to change their passwords immediately.