breach

LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges

A class action is seeking damages from the password manager following a data breach in August 2022.

A class-action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022.

The class action was filed with the United States district court of Massachusetts on Jan. 3 by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated.

It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin (BTC).

The plaintiff claimed he began accruing BTC in July 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.”

This was done to enable the storage of private keys in the seemingly secure LastPass customer vault.

When news of the data breach broke, the plaintiff deleted his private information from his customer vault. LastPass was hacked in Aug. 2022, with the attacker stealing encrypted passwords and other data, according to a December statement from the company.

Despite the quick action to delete the data, it appeared to be too late for the plaintiff. The lawsuit read:

“However, on or around Thanksgiving weekend of 2022, Plaintiff’s Bitcoin was stolen using the private keys he stored with Defendant [LastPass].”

“The LastPass Data Breach has, through no fault of his own, exposed him to the theft of his Bitcoin and exposed him to continued risk,” it added.

The suit claims that victims have been put at increased substantial risk of future fraud and misuse of their private information, which may take years to manifest, discover and detect.

LastPass is being accused of negligence, breach of contract, unjust enrichment and breach of fiduciary duty. However, the figure sought in damages was not specified.

Related: ‘Third-party incident’ impacted Gemini with 5.7 million emails leaked

According to cybersecurity researcher Graham Cluley, the stolen data includes unencrypted information including company names, user names, billing addresses, telephone numbers, email addresses, IP addresses and website URLs from password vaults.

In December, LastPass admitted that if customers had weak Master Passwords, the attackers may be able to use brute force to guess this password, allowing them to decrypt the vaults.

Core Scientific shuts down 37K mining rigs it was hosting for Celsius

Core Scientific estimates that canceling the agreement with Celsius will provide $2 million in revenue per month as long as Bitcoin stays around $16,700.

Bankrupt cryptocurrency lender Celsius Network has agreed to let Bitcoin (BTC) miner Core Scientific shut off more than 37,000 mining rigs it had been hosting for Celsius during the miner’s bankruptcy proceedings.

Core Scientific filed a revised proposed order on Jan. 3 that incorporated “revisions acceptable to Celsius” stating “all Celsius rigs will be powered down effective January 3, 2023 and will not be restarted during the transition period.”

On Oct. 19, Core Scientific accused Celsius of failing to pay its power bills, later citing the non-payment as a major factor in the liquidity issues that led to the Bitcoin miner filing for Chapter 11 bankruptcy on Dec. 21.

On Dec. 28, Core Scientific filed a motion seeking approval to reject Celsius’ contracts, claiming the firm’s failure to pay its power bills constituted a material breach of contract.

According to the court filings, the termination of the agreement would apparently allow Core Scientific to generate a revenue of $2 million per month from the space currently occupied by Celsius’ mining rigs.

The hosting deal’s terms allowed Core Scientific to pass on some of the power costs to Celsius, and those costs have considerably increased since Russia’s invasion of Ukraine.

According to the rejection motion, covering the increased power fees cost Core Scientific almost $7.8 million as of Dec. 28 and the miner noted it “cannot afford to continue shouldering the burden of Celsius’ unpaid power costs.”

Related: Bitcoin miners see mixed successes in tackling debt-fueled overexpansion crisis

The cost of production has increased for miners while the price of Bitcoin has decreased, which has eaten into miners’ bottom line and contributed to the “hash price” — the revenue Bitcoin miners can earn per unit of hash rate — falling over 75% over 2022.

Bitcoin Hashprice Index. Source: Luxor Technologies

Miner’s lack of profitability combined with the costs associated with expansion efforts caused many Bitcoin miners to struggle toward the end of 2022 and share prices plummeted as a result.

Core Scientific has seen their share price fall by 99.15% over the course of the year, while Iris Energy and Riot Blockchain saw falls of 91.79% and 85.09%, respectively.

Bitcoin miners’ stock performance. Source: Luxor Technologies