en
Back to the list

LastPass Security Breach: $4.4 Million in Cryptocurrencies Stolen

source-logo  beincrypto.com 29 October 2023 10:44, UTC

Around 25 crypto users using prominent password manager LastPass lost more than $4 million worth of digital assets on October 25, according to on-chain sleuth ZachXBT.

ZachXBT, in collaboration with fellow investigator Tayvano, traced back the exploit to December 2022, when LastPass confirmed a breach.

$4.4 Million Stolen from LastPass Customers

At the time, LastPass said the hackers copied a backup of its customer vault data. This included information about website usernames and passwords, secure notes, and form-filled data.

Since then, malicious players have drained wallets belonging to crypto users who might have saved their seed phrases on the platform. Reports had estimated that more than $35 million had been stolen from over 150 victims since December.

An October 27 post from Tayvano revealed that the most recent exploit affected around 80 crypto addresses belonging to these 25 victims. Resulting in a loss of $4.4 million.

LastPass Hack Victims. Source; ZachXBT

“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass,” Tayvano said.

Security Experts Advise on Next Actions

Several crypto security experts have been advising LastPass users on mitigating further losses from the event.

Tayvano said users who have had their wallets drained should “get in touch and FILE AN IC3 RIGHT NOW IF YOU HAVEN’T DONE SO ALREADY.” The IC3, short for Internet Crime Complaint Center, is a central hub for reporting cybercrime.

In a separate October 22 post on X, the security expert reminded the community that every credential they had in LastPass at this time last year should be considered compromised. Due to this, Tayvano urged the community to “prioritize rotating your most valuable / oldest secrets + migrating assets today.”

Meanwhile, ZachXBT strongly advised that:

“If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”

LastPass further advised its users never to reuse their master password on other websites and also minimize risk by changing the passwords of websites they have stored.

Read More:Top 9 Telegram Channels for Crypto Signals in 2023

beincrypto.com