• About
  • Landing Page
  • Buy JNews
Newsletter
Bitcoin Press UK
  • Home
  • Bitcoin
  • Ethereum
  • Regulation
  • Market
  • Blockchain
  • Business
  • Guide
No Result
View All Result
  • Home
  • Bitcoin
  • Ethereum
  • Regulation
  • Market
  • Blockchain
  • Business
  • Guide
No Result
View All Result
Bitcoin Press UK
No Result
View All Result
Home Bitcoin

The LastPass Breach: A Threat to Crypto Security?

Editorial Team by Editorial Team
September 8, 2023
in Bitcoin
0
The LastPass Breach: A Threat to Crypto Security?

#image_title

189
SHARES
1.5k
VIEWS
Share on Facebook Share on Twitter

After the LastPass breach in November 2022, where hackers pilfered password vaults affecting over 25 million users, the tech community has been on high alert. Recent spikes in cryptocurrency thefts have raised eyebrows, leading experts to believe that hackers might be decrypting stolen LastPass vaults.

The Link Between LastPass and Crypto Thefts

Taylor Monahan, the lead product manager of MetaMask, has been investigating this issue. Since December 2022, Monahan and her team have identified patterns linking thefts that have collectively amounted to over $35 million in stolen crypto from more than 150 individuals.

Related articles

Germany Bitcoin Price Surge

Germany’s Crypto News Spurs 4.5% Bitcoin Price Surge Amidst Recovery

November 21, 2023
Argentina Bitcoin President

Argentina Elects Bitcoin Advocate: BTC Price Soars to £37,530

November 21, 2023

Interestingly, the victims, predominantly long-term cryptocurrency investors, didn’t exhibit signs of typical pre-heist attacks, such as email or mobile phone compromises. Monahan emphasized the security-conscious nature of these victims, many of whom are deeply embedded in the crypto ecosystem.

The Common Thread: LastPass

Monahan’s research, shared extensively on Twitter since March 2023, initially struggled to find a common denominator among the victims. However, by August 28, she identified a recurring theme: nearly every victim had stored their cryptocurrency “seed phrase” on LastPass.

This seed phrase is a critical component for crypto investors. Possession of this phrase allows anyone to access and transfer associated cryptocurrency holdings. While many cybersecurity enthusiasts store their seed phrases in encrypted containers like password managers or offline devices like Trezor or Ledger wallets, the breach has exposed the potential vulnerabilities of such practices.

The Intricacies of the Investigation

Nick Bax from Unciphered collaborated with Monahan on this investigation. Describing it as one of the most extensive and intricate cryptocurrency investigations he’s witnessed, Bax confirmed Monahan’s findings. The stolen funds from various victims often ended up in the same blockchain addresses, strengthening the link between the thefts.

However, out of respect for ongoing research, specific details about the thefts remain undisclosed to the public. Still, the researchers have shared insights about the similarities in how the stolen funds were moved and laundered.

The Importance of Password Iterations

A chart on Palant’s blog post offers an idea of how increasing password iterations dramatically increases the costs and time needed by the attackers to crack someone’s master password. Palant said a single GPU would take about a year to crack a password of average complexity with 500 iterations, and about 10 years to crack the same password run through 5,000 iterations.

Table showing the relationship between iterations, guessing time on a single GPU, and cost.

However, these numbers decrease radically when a determined adversary also has other large-scale computational assets at their disposal, such as a bitcoin mining operation that can coordinate the password-cracking activity across multiple powerful systems simultaneously.

Victim Profiles and Testimonies

One of the victims, referred to as “Connor” for anonymity, shared his experience of losing approximately $3.4 million in various cryptocurrencies. A software engineer and startup founder, Connor had stored his seed phrase on LastPass and used an eight-character master password. He noticed rapid unauthorized transactions from his crypto accounts early one morning.

Connor’s story is not unique. Many victims had similar experiences, with the only commonality being their use of LastPass to store seed phrases.

The LastPass Breaches: A Timeline

LastPass’s journey through these security challenges began on August 25, 2022, when they detected unusual activity. Initially, they assured users that no customer data or password vaults were accessed. However, by November 30, 2022, a more severe security incident was disclosed, revealing that hackers had accessed encrypted password vaults and other personal data.

Further revelations in February 2023 exposed a targeted attack against a specific LastPass employee, leading to the compromise of the corporate vault.

The Implications for LastPass Users

Given the gravity of the situation, Taylor Monahan of MetaMask advises LastPass users, especially those with cryptocurrency-related passwords, to change their credentials immediately. She also recommends migrating crypto holdings to new offline hardware wallets.

The Debate on Password Managers

The LastPass breach has reignited the debate on the safety of password managers. While some experts argue for the convenience and security they offer, others, like the author, prefer traditional methods like writing down passwords and storing them securely.

However, for those still inclined towards password managers, alternatives like 1Password, which employs a different encryption mechanism, might be worth considering.

Conclusion

While the direct link between the LastPass breach and the crypto thefts remains a topic of debate, the evidence is compelling. As the crypto world continues to evolve, so too do the threats against it. Ensuring the security of assets, especially in digital form, remains paramount.

Tags: blockchainBreachCrypto TheftCrypto WalletCybersecurityEncryptionLastPassMetaMaskPassword IterationsPassword ManagerSecuritySeed PhraseTaylor MonahanVault Data
Share76 Tweet47

Related Posts

Germany Bitcoin Price Surge

Germany’s Crypto News Spurs 4.5% Bitcoin Price Surge Amidst Recovery

by Satoshi Nakamoto
November 21, 2023
0

Germany's crypto news has had a significant impact on the Bitcoin market, resulting in a 4.5% surge in prices. This...

Argentina Bitcoin President

Argentina Elects Bitcoin Advocate: BTC Price Soars to £37,530

by Satoshi Nakamoto
November 21, 2023
0

Argentina has just elected a pro-Bitcoin candidate, Javier Milei, as its President, and the impact on the cryptocurrency market has...

Bitcoin Price UK

Bitcoin Price Soars: UK Investors’ Interest Peaks Ahead of Halving Event

by Satoshi Nakamoto
November 19, 2023
0

The recent decline in Bitcoin and other cryptocurrencies has created a volatile market. However, UK investors are showing increased interest...

Spot Bitcoin ETF Approval

Spot Bitcoin ETF on the Horizon: BitGo CEO Mike Belshe Cautions Against Over-Optimism

by Satoshi Nakamoto
November 19, 2023
0

As the possibility of a Spot Bitcoin ETF approval gains traction, industry experts are weighing in on the potential outcomes....

Bitcoin Halving 2024: What to Expect and Prepare For

Bitcoin Halving 2024: What to Expect and Prepare For

by Satoshi Nakamoto
November 17, 2023
0

With the upcoming Bitcoin halving in 2024, it's essential to understand the potential impact on Bitcoin's value and prepare accordingly....

Load More
  • Trending
  • Comments
  • Latest

Is BlackRock Secretly Influencing Bitcoin Price? Here’s the Truth.

September 19, 2023
Crypto casinos: The new ‘Wild West’ hooking gamblers

Crypto casinos: The new ‘Wild West’ hooking gamblers

September 19, 2023

This Week's Crypto Snapshot: TIA and YFI Soar; GAS, TRB, MKR … – Bitcoin.com News

November 17, 2023

Critics Alarmed as 2 Major Mining Pools Dominate Over 50% of … – Bitcoin.com News

November 17, 2023

How to Increase the CRT ?

0

Theme with seo optimization

0

Increase the theme speed by seo optimization

0

Promote the theme by google adsense

0
Germany Bitcoin Price Surge

Germany’s Crypto News Spurs 4.5% Bitcoin Price Surge Amidst Recovery

November 21, 2023
Crypto Market Update

Crypto Market Update: Altcoins Waver as Bitcoin Dominance Hits 51.6%

November 21, 2023
Crypto Funds Inflows

Crypto Funds Gain Traction: Inflows Surge for BTC, ETH, ADA

November 21, 2023
Bitcoin Options Record

Bitcoin Options Boom: Deribit Hits Record $15B Open Interest

November 21, 2023
  • About
  • Contact Us

© 2021 BitcoinPress

No Result
View All Result
  • Contact Us
  • Homepages
  • Business
  • Guide

© 2021 BitcoinPress