Monthly six-figure cryptocurrency heists have been taking place since late last year, and they have now been attributed to the December 2022 LastPass breach.
LastPass CEO Karim Toubba has already disclosed and actioned plans to reduce the likelihood of future attacks, but for some high-net-worth individuals who trusted the platform, it could be too late.
The news comes from software cryptocurrency wallet MetaMask’s lead product manager, Taylor Monahan, who noted a connection between the victims of both the LastPass breach and the crypto heists.
Is LastPass to blame for crypto theft?
Monahan and other researchers have identified clues dating back to December 2022 when the breach occurred, linking the more than 150 crypto heist victims to the LastPass incident. The total value of cryptocurrency stolen reportedly stands at more than $35 million.
Given how much money the victims had put aside in cryptocurrency, it’s unsurprising that Monahan noted their healthy account security. However, that was not enough to deter criminals who seem to have gotten their hands on the seed phrases used to unlock accounts, which were stored in the popular password manager.
According to the research put together by cybersecurity blogger Brian Krebs, between two and five “high-dollar heists” have occurred each month since the breach.
Krebs added: “LastPass declined to answer questions about the research highlighted in this story, citing an ongoing law enforcement investigation and pending litigation against the company in response to its 2022 data breach.”
TechRadar Pro gave LastPass the opportunity to comment on the research, but the company has not yet responded.
Those concerned about account security should consider setting up additional protective measures like two-factor authentication, as well as refraining from storing all account information in one place.
Finally, all Internet users should be cautious of phishing scams: if in doubt, revisit the webpage from a genuine URL rather than following a link in an email.