The unhackable password protection app continues to see users lose their crypto
September estimates disclosed that a minimum of $35 million in crypto was stolen from targets of the LastPass breach since the 2022 hack, with the most recent breach adding to the total. At least 25 users have reportedly lost $4.4 million in crypto in one day, drained from 80 wallets after the 2022 data breach that affected LastPass password storage software.
Pseudonymous on-chain researcher ZachXBT said in an X (formerly Twitter) post on October 27 that he tracked fund movements with MetaMask developer Taylor Monahan, finding at least 80 wallets that were breached on October 25.
Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
— ZachXBT (@zachxbt) October 27, 2023
“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” said Monahan in a concurrent Chainabuse report.
In December 2022, LastPass disclosed that a hacker used info stolen in a previous breach to target a LastPass employee in August, using their certifications and decoding stored customer information. A backup of encrypted customer vault data was also stolen. LastPass cautioned that the data could be decrypted if the attacker can decipher the master password.
Cybersecurity journalist Brian Krebs declared in a September blog post that some LastPass customer vaults looked like they had been decrypted, with more than $35 million in crypto funds stolen from about 150 separate targets.
A class-action lawsuit was also filed against LastPass by people claiming that the August 2022 breach resulted in them losing about $53,000 worth of Bitcoin.
ZachXBT warned in his latest X post that individuals who have ever stored a private key or wallet seed on LastPass should “migrate your crypto assets immediately.”
Emma Rodriguez is the Proofreader at the Big Blind, with seven years of experience and five years in online gambling. She plays a crucial role in maintaining content quality by ensuring error-free, reader-friendly information about the gambling industry.