25 People Lose $4.4 Million in Crypto Due to LastPass Data Breach
According to reports, at least 25 individuals have had $4.4 million in cryptocurrency drained from 80 wallets following a 2022 data breach that affected password storage software LastPass.
Researcher Tracks Fund Movements
In a recent Twitter post, pseudonymous on-chain researcher ZachXBT, along with MetaMask developer Taylor Monahan, revealed that they have been tracking the movement of funds from the compromised wallets. Monahan stated that most, if not all, of the victims were long-time LastPass users who had stored their crypto wallet keys in LastPass.
Another $4.4M Drained in a Single Day
Just on October 25, 2023, an additional $4.4 million was drained from over 25 victims as a result of the LastPass hack. The researchers strongly urged anyone who suspects they may have stored their seed phrase or keys in LastPass to immediately transfer their crypto assets.
Previous Breach and Stolen Data
In December 2022, LastPass disclosed that an attacker had used stolen information from a breach that occurred in August to target an employee, obtaining their credentials and decrypting customer information. The attacker also stole an encrypted backup of customer vault data, which LastPass warned could be decrypted if the attacker successfully guessed the account's master password.
Massive Losses Reported Earlier
In September, cybersecurity journalist Brian Krebs reported that some of the LastPass customer vaults had been cracked, resulting in the theft of over $35 million worth of cryptocurrency from approximately 150 victims. Additionally, in January, LastPass faced a class-action lawsuit claiming that the August 2022 breach led to the theft of around $53,000 worth of Bitcoin.
Urgent Migration Advised
In his latest post, ZachXBT advised anyone who had ever stored a wallet seed or private key in LastPass to immediately transfer their crypto assets to a more secure platform.
