Federal agents confirm LastPass breach linked to massive cryptocurrency heists
www.techspot.com
What just happened? In a court filing earlier this month, U.S. federal agents confirmed that a series of high-profile cyberheists, including a $150 million cryptocurrency theft, are linked to the 2022 breach of password manager service LastPass. The heists involved cracking master passwords stolen from LastPass, which allowed thieves to access sensitive information, including cryptocurrency seed phrases stored in the "Secure Notes" section of victims' accounts, according to KrebsOnSecurity, which has been tracking these incidents since September 2023.

The $150 million heist, which occurred on January 30, 2024, is believed to have targeted Chris Larsen, co-founder of the cryptocurrency platform Ripple, according to blockchain security researcher ZachXBT. Federal prosecutors in northern California have seized approximately $24 million in cryptocurrencies related to this theft.

According to the seizure document, the U.S. Secret Service and the FBI believe the attackers used stolen data from LastPass to access victims' accounts without authorization. This pattern is consistent with similar six-figure crypto heists, where victims had stored their cryptocurrency seed phrases in LastPass before the 2022 breaches.

Krebs says that security researchers Nick Bax and Taylor Monahan have been working with dozens of victims and found none experienced typical precursor attacks, such as email or mobile phone account compromises, or SIM-swapping attacks. Instead, all victims had stored their cryptocurrency seed phrases in LastPass's "Secure Notes" before the breaches. The heists followed a similar pattern of rapidly moving stolen funds to numerous drop accounts scattered across various cryptocurrency exchanges.

The breach of LastPass in 2022 involved two significant incidents.
Initially, on August 25, 2022, LastPass CEO Karim Toubba announced that the company had detected unusual activity in its software development environment, resulting in the theft of some source code and proprietary technical information. However, on September 15, 2022, LastPass stated that the investigation found no access to customer data or password vaults. This assessment changed on November 30, 2022, when LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults and other personal information using data stolen in the August breach.

This breach would have given thieves offline access to encrypted password vaults, allowing them to attempt to crack weaker master passwords using powerful systems capable of millions of guesses per second. Many victims had chosen master passwords with relatively low complexity and were among LastPass's oldest customers.

Legacy users were more likely to have master passwords protected with fewer iterations, that is, the number of times a password is run through the company's encryption routines. The more iterations, the longer it takes an offline attacker to crack the master password. Over the years, LastPass increased the number of iterations for new users, requiring longer and more complex master passwords. However, researchers found that many older customers were not upgraded to these newer security standards.

Despite these findings, LastPass maintains that there is no definitive proof linking the cyberheists to its breaches. The company says it has been cooperating with law enforcement and investing in enhanced security measures.

However, researchers have expressed concern that LastPass has not adequately alerted its customers about the potential risks, particularly for sensitive information stored in "Secure Notes."
They argue that more proactive measures could have prevented millions of dollars in thefts.

Bax noted that after issuing the initial warning, he hoped users would migrate their funds to new cryptocurrency wallets. However, the continued thefts show how much more needs to be done.

LastPass could have encouraged users to rotate their credentials and prevented further thefts but instead chose to deny the risks and blame the victims, Monahan said. The situation remains critical, with recent reports of additional thefts in December.
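
To make the point about iterations concrete, here is an added example (not code from LastPass or from the article) that estimates how the iteration count and master-password strength together set the cost of an offline search. It uses generic PBKDF2-HMAC-SHA256 from Python's standard library; the attacker guess rate, the iteration settings and the 40-bit password strength are constructed assumptions.

```python
import hashlib
import math
import os
import time

def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password with PBKDF2-HMAC-SHA256 (generic KDF, 32-byte key)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)

def guesses_per_second(rate_at_one_iteration: float, iterations: int) -> float:
    """PBKDF2 work is linear in the iteration count, so the guess rate drops in proportion."""
    return rate_at_one_iteration / iterations

def average_crack_seconds(entropy_bits: float, rate: float) -> float:
    """Expected offline search time: half of a 2**entropy_bits keyspace at `rate` guesses/s."""
    return (2 ** entropy_bits / 2) / rate

def min_entropy_bits(target_seconds: float, rate: float) -> int:
    """Smallest whole number of entropy bits whose average search time reaches the target."""
    return math.ceil(math.log2(2 * target_seconds * rate))

def measure_derivation_ms(iterations: int) -> float:
    """Time one real derivation on this machine, to show the cost growing with iterations."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_vault_key("constructed sample password", salt, iterations)
    return (time.perf_counter() - start) * 1000

if __name__ == "__main__":
    ASSUMED_RATE = 1e9                                # assumption: guesses/s at 1 iteration
    SAMPLE_ITERATIONS = [1, 5_000, 100_000, 600_000]  # constructed settings, not from the article
    PASSWORD_BITS = 40                                # constructed: a modest master password
    TEN_YEARS = 10 * 365 * 86_400
    print(f"{'iterations':>10} {'ms/derive':>10} {'guesses/s':>12} {'avg days':>12} {'bits for 10y':>13}")
    for n in SAMPLE_ITERATIONS:
        rate = guesses_per_second(ASSUMED_RATE, n)
        days = average_crack_seconds(PASSWORD_BITS, rate) / 86_400
        print(f"{n:>10} {measure_derivation_ms(n):>10.2f} {rate:>12.0f} {days:>12.2f} "
              f"{min_entropy_bits(TEN_YEARS, rate):>13}")
```

The last column shows the practical takeaway for vault owners: a low iteration setting has to be compensated by a much stronger master password to reach the same resistance.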