LastPass hacked, users see millions of dollars in funds stolen


  • Millions of dollars in cryptocurrency stolen from wallets
  • Victims linked to 2022 LastPass hack
  • The hack stole encrypted and unencrypted data from the password manager provider.

The hacker responsible for the massive LastPass breach in 2022 has continued his attack using stolen data to extract $5.36 million from 40 crypto wallets.

In the August 2022 hack, the attacker gained access to information that later allowed him to breach a cloud-based storage environment that stored client keys, API tokens, multi-factor authentication (MFA) seeds, and encrypted password vaults.

While the password vaults were encrypted, the master password used to open them could still be brute-forced if it was weak, reused, or previously leaked, which may be the reason for a series of cryptocurrency thefts against LastPass users since 2022.

The consequences continue

The latest theft is linked to the LastPass breach by a blockchain expert known as ZachXBT (via The Block). ZachXBT claims in a Telegram post that this is just the latest in a long line of cryptocurrency thefts affecting victims of the LastPass breach, with $4.4 million stolen in October 2023 and an additional theft of $6.2 in February 2024.

“The stolen funds were exchanged for ETH and transferred to various Ethereum to Bitcoin instant exchanges,” ZachXBT wrote in his Telegram message. “I can’t stress this enough, if you think you’ve ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”

As The edge previously reported, between the time of the breach in August and December 2022, more than $35 million was stolen from 150 apparent victims of the LastPass breach.

These subsequent crypto wallet breaches highlight the importance of using unique passwords for each account and ensuring each password meets recommended password security standards by using one of the best password generators.

Even if you’ve changed your password manager provider since the LastPass breach, any compromised passwords that are still being reused are at risk, as evidenced by these cryptocurrency thefts. It is also recommended to use a strong authentication app that uses biometric verification to protect your accounts even if an attacker knows your username and password.
