Hackers Steal $4.4Million From 80 Wallets in 1 day
LastPass data breach triggers a $4.4 million crypto theft from 80 wallets, spotlighting the perils of storing digital asset keys in password vaults.
A 2022 data breach in LastPass, a password storage software, reportedly led to $4.4 million in crypto being stolen from 80 wallets, affecting at least 25 people.
On Oct. 27, on-chain researcher ZachXBT and MetaMask developer Taylor Monahan traced the fund movements of 80 affected wallets from Oct. 25. Monahan, in a Chainabuse report, pointed out that most victims were long-term LastPass users who stored their crypto wallet keys/seeds in LastPass.
LastPass, in December 2022, revealed that an attacker, using information from an August breach, targeted a LastPass employee, gaining access to and decrypting customer data. Encrypted customer vault data was also taken, which could be decrypted with a brute-force attack on the account’s master password.
Cybersecurity journalist Brian Krebs reported in September that some LastPass vaults had been cracked, with over $35 million in crypto stolen from around 150 victims. By January, a class-action suit was filed against LastPass, relating to a theft of around $53,000 worth of Bitcoin from the August breach.
ZachXBT, in a recent post, strongly advised anyone who stored wallet seeds or private keys in LastPass to “migrate your crypto assets immediately.”
