header banner
Default

Cryptocurrency thief takes $4,04 million in a single day as LastPass breach costs increase


Table of Contents

    Estimates in September revealed that at least $35 million in crypto has been stolen from victims of the LastPass breach since 2022, with the latest hack adding to the toll.

    46538 Total views

    72 Total shares

    Crypto thief steals $4.4M in a day as toll rises from LastPass breach

    At least 25 people have reportedly seen $4.4 million in crypto drained from across 80 wallets due to a 2022 data breach that impacted password storage software LastPass.

    In an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said he and MetaMask developer Taylor Monahan tracked the fund movements of at least 80 wallets compromised on Oct. 25.

    “Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in an accompanying Chainabuse report.

    Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.

    Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb

    — ZachXBT (@zachxbt) October 27, 2023

    In December 2022, LastPass disclosed that an attacker leveraged information previously stolen in a breach in August to target a LastPass employee, snagging their credentials and decrypting stored customer information.

    Also stolen was a backup of encrypted customer vault data, which LastPass warned could be decrypted if the attacker brute force guesses the account’s master password.

    Related: Blockchain congestion and transaction queues actually deter ‘nefarious actors’: Study

    In a September blog post, cybersecurity journalist Brian Krebs reported that some of the LastPass customer vaults had seemingly been cracked and over $35 million worth of crypto had been stolen from around 150 victims.

    In January, LastPass was hit with a class-action suit from individuals claiming the August 2022 breach resulted in the theft of around $53,000 worth of Bitcoin (BTC).

    In his latest X post, ZachXBT advised anyone who ever stored a wallet seed or private key in LastPass to “migrate your crypto assets immediately.”

    Magazine: Deposit risk: What do crypto exchanges really do with your money?

    Sources


    Article information

    Author: Lee Ramirez

    Last Updated: 1699635962

    Views: 1311

    Rating: 4.5 / 5 (50 voted)

    Reviews: 84% of readers found this page helpful

    Author information

    Name: Lee Ramirez

    Birthday: 1947-06-07

    Address: 900 Janet Branch, Lisaberg, MD 77871

    Phone: +3604537493329664

    Job: Zoologist

    Hobby: Crochet, Graphic Design, Photography, Kite Flying, Cocktail Mixing, Animation, Wildlife Photography

    Introduction: My name is Lee Ramirez, I am a radiant, intrepid, forthright, brilliant, dazzling, strong-willed, fearless person who loves writing and wants to share my knowledge and understanding with you.