LastPass-linked crypto theft climbs to over $250 million after latest $5.4 million hit

By CryptoSlate | Created at 2024-12-17 10:04:58 | Updated at 2024-12-22 01:39:56 4 days ago
Truth

LastPass-linked crypto theft climbs to over $250 million after latest $5.4 million hit LastPass-linked crypto theft climbs to over $250 million after latest $5.4 million hit Oluwapelumi Adejumo · 5 seconds ago · 1 min read

Crypto holders urged to act as attackers leverage 2-years old LastPass breach to drain millions despite strong encryption claims.

1 min read

Updated: Dec. 17, 2024 at 10:03 am UTC

LastPass-linked crypto theft climbs to over $250 million after latest $5.4 million hit

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Join Japan's Web3 Evolution Today

Blockchain investigator ZachXBT has revealed that malicious actors, identified as the “LastPass threat actor,” have siphoned off approximately $5.36 million in cryptocurrencies.

In a Dec. 17 post on his Telegram Channel, ZachXBT stated:

“Today an estimated $5.36M was drained by the LastPass threat actor from 40+ victim addresses. Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin.”

This exploit traces back to a December 2022 security breach, when LastPass disclosed that attackers accessed archived backups of encrypted vault data stored on a third-party cloud platform. At the time, LastPass, a popular password manager, warned that the breach exposed user vault data, including usernames, passwords, and secure notes.

However, LastPass assured users that brute-forcing master passwords would be extremely challenging due to strong encryption protocols.

Despite this claim, recent attacks have shown that the hackers have systematically targeted users who stored their private keys or seed phrases in their LastPass vaults.

Over $250 million now lost

The Security Alliance (SEAL), a team of cybersecurity experts, reported that crypto losses connected to the breach have now exceeded $250 million as of May 2024.

According to SEAL, these attacks could have been prevented as many victims—despite practicing caution—unknowingly placed their digital assets at risk by relying on centralized storage for private keys.

Considering the latest wave of attack, SEAL stated:

“Don’t be a part of the statistic. If you used LastPass in the past and think there’s a chance you stored your private key or seed phrase in your vault, take the time and move all your tokens  [and] transfer ownership of any contracts/multisigs/etc.”

Security experts noted that this incident highlights the dangers of trusting password managers with sensitive crypto-related data. To mitigate further losses, crypto holders must immediately safeguard their assets and reduce exposure to similar vulnerabilities.

Posted In: Crime, Featured

Read Entire Article