Crypto thief steals $4.4M in a day as toll rises from LastPass breach
At least 25 people have reportedly seen $4.4 million in crypto drained from across 80 wallets due to a 2022 data breach that impacted password storage software LastPass.
In an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said they and MetaMask developer Taylor Monahan tracked the fund movements of at least 80 wallets compromised on Oct. 25.
“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in an accompanying Chainabuse report .
In December 2022, LastPass disclosed an attacker leveraged information previously stolen in a breach that August to target a LastPass employee , snagging their credentials and decrypting stored customer information.
Also stolen was a backup of encrypted customer vault data which LastPass warned could be decrypted if the attacker brute force guesses the account’s master password.
In a September blog post , cybersecurity journalist Brian Krebs reported some of the LastPass customer vaults had seemingly been cracked and over $35 million worth of crypto had been stolen from around 150 victims.
In January, LastPass was hit with a class-action suit from individuals claiming the August 2022 breach resulted in the theft of around $53,000 worth of Bitcoin.
In his latest X post, ZachXBT advised anyone who ever stored a wallet seed or private key in LastPass to “migrate your crypto assets immediately.”
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Today's Fear and Greed Index fell slightly to 93, and the level is still extremely greedy
Breaking Down the Best: Why Qubetics, Ethereum, and Chainlink Are Leading November’s Crypto Scene
Court extends pretrial detention of Tornado Cash developer Pertsev