Hackers steal LastPass source code. Check out details

Hackers have stolen the source code of LastPass. The accounts of LastPass users are safe for now, but the theft of the source code can quickly change that.

Agencies
Remembering your login credentials for the many websites and platforms you visit online can be tedious and challenging, a real chore in the internet age. This created a market for Single Sign-On (SSO) authentication. Browsers such as Google Chrome have a password management feature, and the most famous of all the password managers is LastPass. Hackers or cybercriminals have targeted LastPass.

When Did it Happen?
The company's development environment was recently breached and compromised. The breach was caught about a couple of weeks back, but it is only now that we are getting to know about it. Karim Toubba, CEO of LastPass, said that the company detected a breach in which hackers gained access to some of the company's proprietary technical information and source code through a compromised developer account.


LastPass launched an investigation immediately upon learning of the breach, and that investigation is still under way. LastPass has employed a cybersecurity firm to prevent such attacks by hackers in the future.

How are Things?
LastPass says the services are running and operating smoothly, and the encrypted password vaults and customer data are unaffected. LastPass said that no remedial action by the users is required right now. It is not the first time LastPass has encountered hackers. The company encountered suspicious activities in 2021, where hackers used the correct master passwords to try and get into many customer accounts.

How hackers pulled off the biggest ever cryptocurrency heist

Hackers pulled off the biggest ever cryptocurrency heist on Tuesday, stealing $613 million in digital coins from token-swapping platform Poly Network, only to return $260 million worth of tokens less than 24 hours later. Here's what we know so far about the heist.


A lesser-known name in the world of crypto, Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different blockchains.



For example, a customer could use Poly Network to transfer tokens such as bitcoin from the Ethereum blockchain to the Binance Smart Chain, perhaps looking to access a specific application.



According to specialist crypto website Coindesk, Poly Network was launched by the founders of Chinese blockchain project Neo.


Poly Network operates on the Binance Smart Chain, Ethereum and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract which contains instructions on when to release the assets to the counterparties. One of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens. Poly Network tweeted on Tuesday that a preliminary investigation found the hackers exploited a vulnerability in this smart contract.



According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer, the hackers appeared to override the contract instructions for each of the three blockchains and diverted the funds to three wallet addresses. These were later traced and published by Poly Network.



The attackers stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to blockchain forensics company Chainalysis. A person claiming to have perpetrated the hack said they had spotted a "bug," without specifying, and that they wanted to "expose the vulnerability" before others could exploit it.


As of late Wednesday, the hackers had returned $260 million of the assets, but $353 million was outstanding. It is unclear where the remaining assets have gone.



Coindesk reported on Tuesday that the hackers had tried to transfer assets including tether tokens from one of the three wallets into liquidity pool Curve.fi, but that transfer was rejected. About $100 million has been moved out of another of the wallets and deposited into liquidity pool Ellipsis Finance.


The hacker or hackers have not yet been identified. Cryptocurrency security firm SlowMist said on its website that it has identified the attacker's mailbox, internet protocol address, and device fingerprints, but the company has not yet named any individuals. SlowMist said the heist was "likely to be a long-planned, organized and prepared attack."



Despite the purported hacker posing as a so-called "white hat", an ethical hacker who aimed to identify the vulnerability for Poly Network and had "always" planned to give the money back, according to the messages published by Chainalysis, some crypto experts are skeptical.


LastPass denied and flagged the attempts due to different geographical locations and maintained that the servers remained unaffected (like this time). LastPass suspected that the leak happened through a third party.

LastPass is one of the most famous and best password managers worldwide, but it shut down its free version in 2021. Chrome's in-built password manager has similar features.

FAQs


Q1. Have hackers hacked LastPass?
A1. Hackers have stolen the source code of LastPass, but the users are safe now.

Q2. When did the stealing happen?
A2. It happened a couple of weeks back, but we are now getting to know about it.