Trusted

LastPass Security Breach: $4.4 Million in Cryptocurrencies Stolen

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Around 25 LastPass users lost more than $4 million worth of cryptocurrency on October 25 in a breach that had its roots traced back to December 2022.
  • Malicious actors targeted crypto users who stored their seed phrases on the platform, resulting in more than $35 million stolen from over 150 victims.
  • Security experts within the community have advised LastPass users to migrate their crypto assets immediately.
  • promo

Around 25 crypto users using prominent password manager LastPass lost more than $4 million worth of digital assets on October 25, according to on-chain sleuth ZachXBT.

ZachXBT, in collaboration with fellow investigator Tayvano, traced back the exploit to December 2022, when LastPass confirmed a breach.

$4.4 Million Stolen from LastPass Customers

At the time, LastPass said the hackers copied a backup of its customer vault data. This included information about website usernames and passwords, secure notes, and form-filled data. 

Since then, malicious players have drained wallets belonging to crypto users who might have saved their seed phrases on the platform. Reports had estimated that more than $35 million had been stolen from over 150 victims since December.

An October 27 post from Tayvano revealed that the most recent exploit affected around 80 crypto addresses belonging to these 25 victims. Resulting in a loss of $4.4 million.

LastPass breach
LastPass Hack Victims. Source; ZachXBT

“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass,” Tayvano said.

Security Experts Advise on Next Actions

Several crypto security experts have been advising LastPass users on mitigating further losses from the event.

Tayvano said users who have had their wallets drained should “get in touch and FILE AN IC3 RIGHT NOW IF YOU HAVEN’T DONE SO ALREADY.” The IC3, short for Internet Crime Complaint Center, is a central hub for reporting cybercrime.

In a separate October 22 post on X, the security expert reminded the community that every credential they had in LastPass at this time last year should be considered compromised. Due to this, Tayvano urged the community to “prioritize rotating your most valuable / oldest secrets + migrating assets today.”

Meanwhile, ZachXBT strongly advised that:

“If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”

LastPass further advised its users never to reuse their master password on other websites and also minimize risk by changing the passwords of websites they have stored. 

Read More:  Top 9 Telegram Channels for Crypto Signals in 2023

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Oluwapelumi-Adejumo.png
Oluwapelumi Adejumo
Oluwapelumi Adejumo is a journalist at BeInCrypto, where he reports on a broad range of topics including Bitcoin, crypto exchange-traded funds (ETFs), market trends, regulatory shifts, technological advancements in digital assets, decentralized finance (DeFi), blockchain scalability, and the tokenomics of emerging altcoins. With over three years of experience in the industry, his works have been featured in major crypto media outlets such as CryptoSlate, Coinspeaker, FXEmpire, and Bitcoin...
READ FULL BIO
Sponsored
Sponsored