See More

LastPass Security Breach: $4.4 Million in Cryptocurrencies Stolen

2 mins
Updated by Ryan James
Join our Trading Community on Telegram

In Brief

  • Around 25 LastPass users lost more than $4 million worth of cryptocurrency on October 25 in a breach that had its roots traced back to December 2022.
  • Malicious actors targeted crypto users who stored their seed phrases on the platform, resulting in more than $35 million stolen from over 150 victims.
  • Security experts within the community have advised LastPass users to migrate their crypto assets immediately.
  • promo

Around 25 crypto users using prominent password manager LastPass lost more than $4 million worth of digital assets on October 25, according to on-chain sleuth ZachXBT.

ZachXBT, in collaboration with fellow investigator Tayvano, traced back the exploit to December 2022, when LastPass confirmed a breach.

$4.4 Million Stolen from LastPass Customers

At the time, LastPass said the hackers copied a backup of its customer vault data. This included information about website usernames and passwords, secure notes, and form-filled data. 

Since then, malicious players have drained wallets belonging to crypto users who might have saved their seed phrases on the platform. Reports had estimated that more than $35 million had been stolen from over 150 victims since December.

An October 27 post from Tayvano revealed that the most recent exploit affected around 80 crypto addresses belonging to these 25 victims. Resulting in a loss of $4.4 million.

LastPass breach
LastPass Hack Victims. Source; ZachXBT

“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass,” Tayvano said.

Security Experts Advise on Next Actions

Several crypto security experts have been advising LastPass users on mitigating further losses from the event.

Tayvano said users who have had their wallets drained should “get in touch and FILE AN IC3 RIGHT NOW IF YOU HAVEN’T DONE SO ALREADY.” The IC3, short for Internet Crime Complaint Center, is a central hub for reporting cybercrime.

In a separate October 22 post on X, the security expert reminded the community that every credential they had in LastPass at this time last year should be considered compromised. Due to this, Tayvano urged the community to “prioritize rotating your most valuable / oldest secrets + migrating assets today.”

Meanwhile, ZachXBT strongly advised that:

“If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”

LastPass further advised its users never to reuse their master password on other websites and also minimize risk by changing the passwords of websites they have stored. 

Read More:  Top 9 Telegram Channels for Crypto Signals in 2023

Top crypto platforms in the US | March 2024



All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Oluwapelumi Adejumo
Oluwapelumi believes Bitcoin and blockchain technology have the potential to change the world for the better. He is an avid reader and began writing about crypto in 2020.