Ethical Hacking News
U.S. authorities have seized over $23 million in cryptocurrency linked to a massive theft that occurred in January 2024 when hackers exploited a breach in the LastPass password manager to steal approximately $150 million from a Ripple crypto wallet.
U.S. authorities have seized $23 million in cryptocurrency linked to a massive theft of approximately $150 million from Ripple's XRP wallet. The theft occurred when hackers exploited a breach in the LastPass password manager, stealing sensitive information and private keys. The investigation suggests that multiple malicious actors were involved in the complex cybercrime and used stolen digital assets across multiple cryptocurrency exchanges. The scale of the theft and rapid dissipation of funds indicate that multiple attackers were involved, consistent with other attacks on victims' cryptocurrency wallets. The seized $23 million is believed to be part of a larger scheme involving the theft of $150 million from Ripple co-founder Chris Larsen's XRP wallet.
U.S. authorities have recently seized over $23 million in cryptocurrency, believed to be linked to a massive theft that occurred in January 2024, when hackers exploited a breach in the LastPass password manager to steal approximately $150 million from a Ripple crypto wallet. The investigation into this complex cybercrime has led law enforcement agents to uncover a sophisticated scheme involving multiple cryptocurrency exchanges and a web of stolen digital assets.
According to a forfeiture complaint unsealed by the U.S. Justice Department, investigators have traced the stolen funds between June 2024 and February 2025 to several cryptocurrency exchanges, including OKX, Payward Interactive, Inc. (dba Kraken), WhiteBIT, AscendEX Technology SRL, Ftrader Ltd (dba FixedFloat), SwapSpace LLC, and Rabbit Finance LLC (dba CoinRabbit). The authorities have reason to believe that the hackers used private keys extracted by cracking the victim's password vault from the 2022 breach of the LastPass password manager to access their electronic accounts and steal information, cryptocurrency, and other data.
The U.S. Secret Service agents who interviewed the victim discovered no evidence that the devices were hacked, which suggests that the decryption of the stolen online password manager data was the only way for attackers to obtain the keys needed to compromise the victim's crypto wallet. The agents believe that the scale of this theft and the rapid dissipation of funds would have required the efforts of multiple malicious actors, and it is consistent with the attacks on other victims whose cryptocurrency was stolen.
The investigation also suggests that these hackers were behind a similar attack on an online password manager in August 2022, which resulted in a data breach. This breach led to the theft of source code, proprietary technical information, customer vault data, and the attackers extracted private keys and credentials from the compromised accounts. Since then, multiple security experts have shared that they believe the LastPass hackers cracked some of the stolen vault data and used the extracted private keys and credentials in major cryptocurrency heists.
The seized $23 million is believed to be part of a larger scheme involving the theft of approximately $150 million from Ripple co-founder Chris Larsen's XRP wallet. The U.S. Secret Service agents believe that storing private keys in LastPass, which was hacked in 2022, was the reason for this massive cryptocurrency theft. The investigation has revealed that multiple malicious actors were involved in this complex cybercrime.
The discovery of these stolen digital assets and the subsequent seizure of $23 million has significant implications for law enforcement agencies and the financial industry at large. As more cases of hacking come to light, authorities are working tirelessly to bring those responsible to justice and to prevent similar attacks from happening in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Cryptocurrency-Heist-A-Complex-Web-of-Password-Managers-and-Hacked-Digital-Assets-ehn.shtml
https://www.bleepingcomputer.com/news/security/us-seizes-23-million-in-crypto-stolen-via-password-manager-breach/
Published: Fri Mar 7 17:04:07 2025 by llama3.2 3B Q4_K_M
