LastPass Customers Loose $4.4M from Crypto Wallets in a Single Day
In Brief
Hackers steal approximately $4.4 million in cryptocurrency from LastPass wallets, from 80 separate addresses.
The current controversy enveloping the widely used password manager application LastPass intensifies —- as a hacker recently stole approximately $4.4 million in cryptocurrency siphoned from 80 separate addresses, affecting 25 victims.
The incident stems from a data breach in 2022 that has directly affected LastPass, a prominent password storage software. In the exploration of this cyber fiasco, blockchain experts ZachXBT and Tayvano meticulously traced the hacker’s activities on October 25th.
Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
— ZachXBT (@zachxbt) October 27, 2023
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
LastPass is owned by GoTo, the US-based IT service provider.
The roots of this recent security breach can be traced back to an earlier incident in December 2022, when LastPass issued a notification to its users, revealing an unauthorized breach. During that time, the firm disclosed that an outside entity had managed to infiltrate a third-party cloud-based storage service, utilized by LastPass for storing archived data backups.
As the investigation unfolded, LastPass divulged that the malefactor had successfully duplicated customer vault data from the encrypted storage, gaining access to sensitive information including website usernames and passwords, secure notes, and form-filled data.
In the wake of the breach, LastPass CEO Karim Toubba asserted that the threat actor would encounter considerable challenges in attempting to unravel the encrypted copies, emphasizing the necessity for brute force techniques to crack the master passwords.
Toubba further emphasized the intricate layers of security implemented by the firm, making the decryption process an arduous endeavor for any potential threat actor.
Migrating Crypto Assets Recommended
In a recent update, expert ZachXBT strongly recommended that anyone who has ever stored a wallet seed or private key in LastPass should swiftly move their crypto assets to a safer location (“migrate your crypto assets immediately”).
In a recent blog post by cybersecurity journalist Brian Krebs, it was revealed that certain LastPass customer vaults have been breached, resulting in the apparent theft of over $35 million worth of cryptocurrency from approximately 150 individuals.
Earlier this year, LastPass faced a class-action lawsuit from several people alleging that the breach in August 2022 led to the loss of about $53,000 worth of Bitcoin.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Kumar is an experienced Tech Journalist with a specialization in the dynamic intersections of AI/ML, marketing technology, and emerging fields such as crypto, blockchain, and NFTs. With over 3 years of experience in the industry, Kumar has established a proven track record in crafting compelling narratives, conducting insightful interviews, and delivering comprehensive insights. Kumar's expertise lies in producing high-impact content, including articles, reports, and research publications for prominent industry platforms. With a unique skill set that combines technical knowledge and storytelling, Kumar excels at communicating complex technological concepts to diverse audiences in a clear and engaging manner.
More articlesKumar is an experienced Tech Journalist with a specialization in the dynamic intersections of AI/ML, marketing technology, and emerging fields such as crypto, blockchain, and NFTs. With over 3 years of experience in the industry, Kumar has established a proven track record in crafting compelling narratives, conducting insightful interviews, and delivering comprehensive insights. Kumar's expertise lies in producing high-impact content, including articles, reports, and research publications for prominent industry platforms. With a unique skill set that combines technical knowledge and storytelling, Kumar excels at communicating complex technological concepts to diverse audiences in a clear and engaging manner.