
More than two dozen victims of last year’s LastPass breach saw $4.4 million in cryptocurrency vanish within a mere 24 hours on Oct. 25, cybersecurity experts confirmed.

Cryptocurrency traders and holders storing sensitive information in LastPass should move quickly, warned blockchain developer ZachXBT, who reported the theft on X, formerly known as Twitter.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT said.

MetaMask developer Taylor Monahan also confirmed the multi-million dollar theft — which included multiple blockchains like Bitcoin, Ethereum, BNB, Arbitrum, Solana, and Polygon — in a report on Chainabuse.

Monahan reminded users that this case dates back to December 2022, when a hacker breached LastPass, accessing customer data.

The MetaMask developer emphasized that any user who suspects their funds have been illicitly transferred to any of the flagged addresses in the Chainabuse report should immediately reach out to their local authorities and file an IC3 report.

LastPass Breach Thefts Near $40 Million, Hackers Keep Coming

This latest heist adds to the more than $35 million stolen in prior incidents, as reported by cybersecurity journalist Brian Krebs, pushing cumulative losses close to $40 million.

LastPass — a platform dedicated to storing and encrypting user passwords — has had a rough run as of late. After it had fallen victim to the critical breach in December of last year, it was later revealed in August that hackers targeted an employee, successfully stealing their login details, as well as LastPass’s company source code and other technical information.

The combination of past vulnerabilities and user trust has proven costly in this case: at least 80 cryptocurrency wallets have been compromised in connection with the hacks, ZachXBT and Monahan added.

The trouble did not stop there, however. Two months ago, in September, LastPass said 87 of its employees were also targeted in a convincing phishing campaign.

Taking Precautionary Measures

Cryptocurrency wallets are a tantalizing prize for cybercriminals. In Feb. 2022, experts observed hackers moving an incredible sum of $3.6 billion in inactive, stolen Bitcoin. A private key gives whoever acquires it unfettered access to the funds in the wallet, which is why password managers like LastPass and unsecured devices mean easy money for cybercriminals.

VPNOverview strongly recommends considering high-quality hardware wallets (here are CoinMarketCap’s latest nods) to store cryptocurrency for added protection against potential breaches. We also strongly advise against storing critical crypto seed phrases and passkeys digitally. Instead, store them on a piece of paper, in a secure location.

You can also read our crypto scams guide and find out how to protect yourself from typical digital asset scams being orchestrated at the moment.

Finally, if you use LastPass — which we’ve reviewed and found user-friendly but too risky — consider one of our more secure password manager alternatives instead. We’re big advocates of NordPass and 1Password.
