Feds Suspect LastPass Hackers Stole $150 Million in Crypto from Single Victim

Federal investigators now believe that LastPass hackers may be responsible for one of the most significant crypto thefts to date—a loss of cryptocurrency worth $150 million at the time of the breach, now valued at approximately $716 million due to a surge in crypto prices.

According to unsealed court records reviewed by Forbes, an anonymous San Francisco resident fell victim to the theft in January 2024. Federal agents from the U.S. Secret Service allege that the victim lost 283,326,127 XRP in the attack. While the XRP was valued at $150 million at the time, subsequent market fluctuations—exacerbated by recent political shifts—have pushed the current value to nearly $716 million.

The victim, who had taken extensive precautions to secure their digital assets—including destroying all physical documentation of private keys and using a “long, unique” master password for their LastPass account—found these measures insufficient against the sophisticated tactics employed by the hackers. Investigators noted similarities between this case and previous breaches of LastPass, suggesting a pattern that ties the theft to the same group responsible for earlier attacks.

“The scale of the theft and the rapid dissipation of funds indicate the coordinated efforts of multiple malicious actors,” the seizure warrant stated. Agents traced the stolen funds through a labyrinth of cryptocurrency exchanges around the world, noting that the tactics and methods bore a striking resemblance to other crypto thefts currently under investigation by the FBI.

Although the seizure warrant initially aimed to recover $23 million in stolen assets, the investigation is far from over. Authorities have traced portions of the funds to crypto accounts held by individuals in Russia and Latvia, but no suspects have yet been formally named.

LastPass, which has experienced multiple high-profile breaches over the past three years, responded in a statement: “Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement. To date, our law enforcement partners have not made us aware of any conclusive evidence that connects any crypto thefts to our incident. In the meantime, we have been investing heavily in enhancing our security measures and will continue to do so.”

This case adds to an already turbulent month in the world of crypto security. In February, hackers executed what was dubbed the largest crypto heist in history by stealing $1.5 billion from the ByBit exchange—a case that investigators and crypto researchers have linked to North Korean cyber operatives.

As federal agencies continue their relentless pursuit of cybercriminals, the LastPass case serves as a stark reminder of the evolving threats in digital security and the high stakes involved in safeguarding cryptocurrency assets. Authorities are urging users and companies alike to remain vigilant and to continuously update security protocols as hackers become ever more sophisticated.

Photo Credit: DepositPhotos.com