The November hack of a popular password manager hurt crypto investors...
In November 2022, the password manager service LastPass reported a hack, as a result of which attackers gained access to the password stores of 25 million users, including encrypted and open data. Since then, cybersecurity experts have documented a series of large-scale cryptocurrency theft cases involving tech-savvy individuals in the high-tech industry.
This suggests that attackers managed to break into some of the stolen LastPass vaults and gain access to people's secret phrases that are used to access crypto wallets.
Taylor Monahan, founder and CEO of the MetaMask crypto wallet, as well as other experts, have already found a number of signs indicating a link between the latest cryptocurrency thefts from more than 150 people and the LastPass hack.
According to Monahan, the total amount of damage exceeded $ 35 million. Almost all of the victims were experienced cryptocurrency investors and took a responsible approach to cybersecurity issues. At the same time, no one's email or mobile phone was hacked.
Since March 2023, Monahan has been documenting cases of cryptocurrency theft on his blog, racking his brain for a common cause of compromise among victims. On August 28, she concluded that the common denominator of almost all the victims was the use of LastPass to store secret access phrases to crypto wallets.
Knowing the secret phrase, an attacker can instantly gain access to all cryptoassets and transfer funds anywhere. Therefore, many experts recommend storing phrases in encrypted form, for example, in a password manager or a special hardware cryptographic wallet.
"The secret phrase is literally money," said Nick Bax of crypto wallet recovery company Unciphered. He carefully analyzed the data on cryptocurrency thefts collected by Taylor Monahan and other researchers, and confirmed their conclusions.
Bax, Monahan and other experts found that almost all of the victims surveyed had secret phrases stored in LastPass. This indicates a link between the LastPass hack and subsequent cryptocurrency thefts, although it is difficult to prove this unequivocally.
Experts recommend that LastPass users urgently change their passwords and transfer crypto assets to new hardware wallets. You should also change the credentials for online banking and other important accounts.
LastPass confirmed in an official statement that the incident is being investigated by law enforcement agencies and does not comment on its details. LastPass encourages experts to share useful information about the case with their security team.
In November 2022, the password manager service LastPass reported a hack, as a result of which attackers gained access to the password stores of 25 million users, including encrypted and open data. Since then, cybersecurity experts have documented a series of large-scale cryptocurrency theft cases involving tech-savvy individuals in the high-tech industry.
This suggests that attackers managed to break into some of the stolen LastPass vaults and gain access to people's secret phrases that are used to access crypto wallets.
Taylor Monahan, founder and CEO of the MetaMask crypto wallet, as well as other experts, have already found a number of signs indicating a link between the latest cryptocurrency thefts from more than 150 people and the LastPass hack.
According to Monahan, the total amount of damage exceeded $ 35 million. Almost all of the victims were experienced cryptocurrency investors and took a responsible approach to cybersecurity issues. At the same time, no one's email or mobile phone was hacked.
Since March 2023, Monahan has been documenting cases of cryptocurrency theft on his blog, racking his brain for a common cause of compromise among victims. On August 28, she concluded that the common denominator of almost all the victims was the use of LastPass to store secret access phrases to crypto wallets.
Knowing the secret phrase, an attacker can instantly gain access to all cryptoassets and transfer funds anywhere. Therefore, many experts recommend storing phrases in encrypted form, for example, in a password manager or a special hardware cryptographic wallet.
"The secret phrase is literally money," said Nick Bax of crypto wallet recovery company Unciphered. He carefully analyzed the data on cryptocurrency thefts collected by Taylor Monahan and other researchers, and confirmed their conclusions.
Bax, Monahan and other experts found that almost all of the victims surveyed had secret phrases stored in LastPass. This indicates a link between the LastPass hack and subsequent cryptocurrency thefts, although it is difficult to prove this unequivocally.
Experts recommend that LastPass users urgently change their passwords and transfer crypto assets to new hardware wallets. You should also change the credentials for online banking and other important accounts.
LastPass confirmed in an official statement that the incident is being investigated by law enforcement agencies and does not comment on its details. LastPass encourages experts to share useful information about the case with their security team.
