LastPass Users Experience a Loss of $4.4 Million from Crypto Wallets in a Single Day
In Brief
Cyber thieves have stolen an estimated $4.4 million in cryptocurrency from LastPass wallets, affecting 80 different addresses.
The controversy around LastPass is escalating as reports emerge that hackers have siphoned off about $4.4 million in cryptocurrency from 80 unique addresses, impacting around 25 victims.
This incident traces back to a data breach from 2022 that directly compromised LastPass, a leading password management platform. Cybersecurity analysts ZachXBT and Tayvano diligently tracked the hacker's actions on October 25th.
Just on October 25, 2023 alone another $4.4M was drained from 25+ victims as a result of the LastPass hack.
— ZachXBT (@zachxbt) October 27, 2023
It's crucial to reiterate: if you ever saved your seed phrases or keys in LastPass, it's imperative to transfer your crypto holdings as soon as possible. pic.twitter.com/26HsxrlnCb
LastPass operates under the umbrella of GoTo, a U.S.-based IT services firm.
The origins of this latest security breach can be linked to a prior incident in December 2022, when LastPass informed its users about an unauthorized access event. During that notification, the company revealed that an external entity had breached a third-party cloud storage solution used for safeguarding archived data backups.
As the investigation progressed, LastPass disclosed that the attacker had successfully replicated customer vault data from their encrypted storage, gaining access to sensitive details such as usernames and passwords, secure notes, and information from filled forms.
Following the breach, LastPass CEO Karim Toubba emphasized that the perpetrator would face significant hurdles in decoding the encrypted data, highlighting that brute force methods would be necessary to decipher the master passwords.
Toubba further noted the complex security layers established by the firm, which complicates any attempts at decryption for potential hackers.
It's Advisable to Transfer Your Crypto Assets
In a fresh update, expert ZachXBT strongly urges anyone who has ever stored a wallet seed or private key in LastPass to promptly relocate their crypto assets to a more secure environment ('migrate your crypto assets immediately').
In a recent blog post As reported by cybersecurity journalist Brian Krebs, certain customer vaults within LastPass have been compromised, leading to the apparent theft of over $35 million in cryptocurrency from around 150 users.
Earlier this year, LastPass faced a class-action lawsuit from multiple individuals claiming that the August 2022 breach resulted in the loss of approximately $53,000 in Bitcoin.
Disclaimer
In line with the Trust Project guidelines Please be informed that the content on this page is not intended to serve as, and should not be perceived as, legal, financial, investment, or any form of advice. It's essential to invest only what you can afford to lose and to seek independent financial counsel if you have any doubts. For further details, we recommend reviewing the terms and conditions, along with the help and support resources offered by the issuer or advertiser. MetaversePost is dedicated to delivering precise and impartial reporting; however, market dynamics may shift unexpectedly.
