LastPass Breach Leads to $5.36M Theft from 40 Wallets


The fallout from the LastPass cyber attack recorded in 2022 is still reaching cryptocurrency holders: more than $5.36 million was stolen in the latest heist. The theft was discovered by blockchain detective ZachXBT, who shared that the “LastPass threat actor” attacked more than 40 addresses.

The Latest Attack: $5.36 Million Stolen

ZachXBT said in an update on December 17 that the stolen funds were converted into Ethereum, transferred to different instant exchanges, and then converted back to Bitcoin. This theft is the latest in a series of attacks stemming from the December 2022 LastPass breach, in which attackers gained access to encrypted vault data that was backed up to an unknown cloud platform.

At that time, LastPass assured its users that their master passwords were encrypted with high levels of security, which would make brute-force attacks very difficult for the hackers to pull off.

Despite that, the hackers have acted systematically, targeting users who stored their cryptocurrency private keys or seed phrases in their LastPass vaults.

Rising Losses: Over $250 Million Compromised

Collective losses from the LastPass hacks were estimated to exceed $250 million by May 2024, according to the cybersecurity organization Security Alliance (SEAL). Earlier large-scale thefts include $6.2 million in February 2024 and $4.4 million in October 2023.

Several of the attacks have coincided with holiday seasons. With Christmas just a week away, people are likely to fall prey to fake promotions and other festive bonuses.

LastPass users who think they have private keys or seed phrases saved in their LastPass vaults are encouraged to move their assets to other storage now.

Lessons Learned: The Dangers of Storing Data in One Place

This ongoing series of attacks has shown the risks of relying on centralized password managers for important blockchain data. LastPass does encrypt users’ data, but this case shows that even encrypted data is not safe, at least when it is taken en masse.

To mitigate future risks, crypto holders are advised never to keep their private keys or seed phrases on any central online platform and to move to secure hardware-based systems such as hardware wallets.
