- 1 Cryptocurrency hacks are uncommon in the industry and incidents only get intense with time.
- 2 The password manager LastPass was exploited last year and the linked wallets lost up to $40 Million to date.
The attack on LastPass could be counted among the top in the history of hacking and digital attacks. A platform holding crucial data of over 25 Million customers got compromised and the news spread like wildfire.
The cybersecurity concerns were raised fiercely and the discussions around it were prompted significantly. Recently, a report published cited the stealing of $4.4 Million in crypto assets from the wallets linked with the incident.
Pseudonym on-chain sleuth ZachXBT, with the help of Taylor Monahan, developer of the crypto wallet MetaMask, prepared a report. The report published with Chainabuse on October 27 stated that the stealing of $4.4 Million worth of cryptocurrencies took place on October 25, 2023.
At least 80 crypto wallets were said to have fallen victim to the instance that was linked with the password manager application, LastPass.
Though this was not the first time crypto wallets linked with the LastPass attack lost crypto assets, the recent one was seen as the biggest stealing in a single day.
ZachXBT noted that over 25 people fell victim to the incident and urged people to recall if they have used LastPass to store passwords or seed phrases and move their cryptocurrencies.
Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
— ZachXBT (@zachxbt) October 27, 2023
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
Monahan wrote in the report, “Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass.”
The report published the crypto wallet addresses allegedly stolen by the hackers. The developer left a note for them stating’ “If you are reading this because your funds were stolen to one of these addresses, get in touch and FILE AN IC3 RIGHT NOW IF YOU HAVEN’T DONE SO ALREADY.”
Hackers Managed to Get Pass Through LastPass
Prominent password storage software LastPass reportedly came under digital attack in August 2022. The firm was informed about the mishap and provided the details of a series of attacks.
The Verge reported, citing the LastPass, that the attacks took place between August and November 2022. In the initial attack, the illicit actor breached the system and took the technical information. In the next attack allegedly done after exploiting the personal computer of an employee in November, it gained access to third-party cloud storage.
This lethal attack made it possible for hackers to reach and access customers’ information related to seed phrases and passwords.
Since the attack, there have been multiple instances of crypto thefts that took place. In a Krebs On Security post, cybersecurity journalist Brian Krebs noted that researchers including Monahan carried out the identification of some clues to find out thefts related to LastPass and targeted over 150 people.
New totals. These are only counting cases that 1) we know about 2) are hard linked together on-chain.
— Tay 💖 (@tayvano_) August 30, 2023
This # represents the absolute minimum amount stolen by this threat group.
1200+ BTC.
$32+ million dollars.
All stolen from individuals who took steps to stay secure. pic.twitter.com/XvvrbwkZvp
The report noted that the individuals lost more than $35 Million in digital assets until August this year. If the recent theft is included, the overall amount drained out accounts for nearly $40 Million.