- LastPass Breach Fallout: $4.4 million in crypto stolen in a single day.
- $35 million total losses since 2022, underscoring the severity of the situation.
- Urgent call for LastPass users to safeguard their assets amid ongoing security woes.
Crypto theft tied to the LastPass breach has been ongoing since 2022 and is estimated to have surpassed $35 million. The latest incident adds to that figure.
According to reports, at least 25 individuals lost a combined $4.4 million in cryptocurrency across a total of 80 wallets. The thefts are directly linked to the 2022 data breach at LastPass, the password storage software.
On October 27, the pseudonymous on-chain researcher ZachXBT posted on Twitter that he and Taylor Monahan, a developer associated with MetaMask, had tracked the movement of funds out of the compromised wallets on October 25.
According to a report by Chainabuse, most if not all of the victims were long-time LastPass users, and many had stored their cryptocurrency wallet keys or seeds in LastPass.
Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.
— ZachXBT (@zachxbt) October 27, 2023
LastPass disclosed in December 2022 that an attacker had used information stolen during a breach in August to target a LastPass employee. The attacker stole the employee's credentials and then decrypted stored customer information.
A backup of encrypted customer vault data was also stolen during the breach. LastPass warned that this data could be decrypted if the attacker succeeded in brute-forcing an account's master password.
In a September blog post, cybersecurity journalist Brian Krebs reported that some of the LastPass customer vaults had apparently been cracked, resulting in the theft of over $35 million worth of cryptocurrency from approximately 150 victims.
In January, affected individuals filed a class-action lawsuit against LastPass, alleging that the August 2022 breach had led to the loss of around $53,000 worth of Bitcoin.
In his most recent post, ZachXBT strongly recommended that anyone who had ever stored a wallet seed or private key in LastPass immediately transfer their cryptocurrency assets to a more secure location.