October 30, 2023

LastPass Breach Results in $4.4 Million Cryptocurrency Theft: Expert Insights and User Recommendations

A recent breach of LastPass, a prominent password manager, led to the loss of over $4 million in digital assets for approximately 25 cryptocurrency users on October 25. The breach was identified by blockchain investigator ZachXBT.

Collaborating with fellow investigator Tayvano, ZachXBT traced the exploit back to December 2022, when LastPass acknowledged the breach.

$4.4 Million Siphoned from LastPass Users

During the initial breach, LastPass reported that hackers had copied a backup of customer vault data. This compromised various user details, including website usernames, passwords, secure notes, and form-filled data.

Subsequently, bad actors targeted wallets linked to crypto users who potentially stored their crucial seed phrases within the platform. Reports suggested that since December, over $35 million had been stolen from more than 150 victims.

In a post dated October 27, Tayvano disclosed that the most recent attack impacted approximately 80 crypto addresses, affecting 25 victims and leading to a collective loss of $4.4 million.

"Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass," Tayvano noted.

Advice from Security Experts

Various cryptocurrency security experts have been extending guidance to LastPass users to mitigate further losses resulting from this breach.

Tayvano emphasized the urgency for affected users to "get in touch and FILE AN IC3 RIGHT NOW IF YOU HAVEN’T DONE SO ALREADY." The IC3 (Internet Crime Complaint Center) serves as a pivotal platform for reporting cybercrime.

In another post dated October 22 on X, a security expert warned the community that all credentials saved in LastPass around this time last year should be deemed compromised. Consequently, Tayvano urged users to "prioritize rotating your most valuable / oldest secrets + migrating assets today."

Meanwhile, ZachXBT strongly recommended:

"If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately."

LastPass also advised its users against reusing their master password on other platforms and suggested minimizing risk by changing the passwords for the websites they had stored.
