Three years after password manager LastPass was breached, twice, we’re finally beginning to see the repercussions, and they are sizable. According to just-unsealed court records, one victim of the hack lost cryptocurrency that today would be worth three-quarters of a billion dollars.
Federal investigators with the U.S. Secret Service believe the victim lost 283,326,127 in XRP cryptocurrency to those same LastPass hackers. A seizure warrant reviewed by Forbes notes that the XRP was worth $150 million when the theft occurred in January 2024. Thanks to a massive spike in cryptocurrency values following the election of President Trump, the stolen funds are now worth some $716 million.
That loss will be especially galling to the victim, an anonymous San Francisco resident who believed they had taken reasonable steps to protect their accounts. According to a colleague of the victim who helped manage their crypto, all physical documentation of the private key for the wallets was destroyed and the master password to access the LastPass account was “a long, unique” one, per the warrant.
Agents came to believe the LastPass hackers were behind the theft because it contained similarities to other hacks investigated by the FBI that were tied to those 2022 attacks. When the Secret Service examined devices used to access the victims’ LastPass accounts, they found no other indicators they’d been infected, and there was a “similar theft typology” to those other attacks being probed by the FBI, according to the warrant.
Since the start of the investigation last year, the Secret Service has been tracing the funds through myriad exchanges around the world, while hackers work to launder the crypto at speed. “The scale of the theft and rapid dissipation of funds would have required the efforts of multiple malicious actors, and was consistent with the online password manager breaches and attacks on other victims whose cryptocurrency was stolen,” the investigators wrote. “For these reasons, law enforcement agents believe the cryptocurrency stolen from Victim 1 was committed by the same attackers who conducted the attack on the online password manager, and cryptocurrency thefts from other similarly situated victims.”
As of yet, there are no named suspects, though the funds were traced to crypto accounts owned by a number of Russian and Latvian residents. While the seizure warrant was to recover only $23 million in stolen funds, the investigation is ongoing and more seizures could be imminent.
It’s been a big month for massive crypto thefts. In February, hackers stole $1.5 billion from the ByBit exchange, in what was dubbed the biggest crypto heist in history. The FBI and crypto researchers claimed North Korea was behind the hit.