In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
On March 6, federal prosecutors in northern California said they seized approximately $24 million worth of cryptocurrencies that were clawed back following a $150 million cyberheist on Jan. 30, 2024. The complaint refers to the person robbed only as “Victim-1,” but according to blockchain security research ZachXBT the theft was perpetrated against Chris Larsen, the co-founder of the cryptocurrency platform Ripple.
ZachXBT was the first to report on the heist, of which approximately $24 million was frozen by the feds before it could be withdrawn. This week’s action by the government merely allows investigators to officially seize the frozen funds.
But there is an important conclusion in this seizure document: It basically says the U.S. Secret Service and the FBI agree with the findings of the LastPass breach story published here in September 2023. That piece quoted security researchers who said they were witnessing six-figure crypto heists several times each month that they believed all appeared to be the result of crooks cracking master passwords for the password vaults stolen from LastPass in 2022.
“The Federal Bureau of Investigation has been investigating these data breaches, and law enforcement agents investigating the instant case have spoken with FBI agents about their investigation,” reads the seizure complaint, which was written by a U.S. Secret Service agent. “From those c ..
Support the originator by clicking the read the rest link below.
