Around 25 individuals have allegedly fallen victim to a cryptocurrency heist amounting to a staggering $4.4 million, with 80 wallets compromised.
The breach, which transpired in 2022, was attributed to vulnerabilities in the password storage software, LastPass.
On October 27, in a Twitter post, a pseudonymous on-chain researcher known as ZachXBT and MetaMask developer Taylor Monahan jointly revealed their tracking of the illicit fund movements across the compromised wallets.
Monahan pointed out that most of the victims had been long-standing users of LastPass and admitted to storing their crypto wallet keys or seeds within the compromised software.
On October 25, 2023 alone, the heist siphoned approximately $4.4 million from over 25 victims who had fallen prey to the LastPass hack.
The severity of the situation prompted a stern warning from ZachXBT, urging anyone who may have entrusted their seed phrases or keys to LastPass to immediately transfer their crypto assets to more secure storage.
This troubling incident traces its origins back to December 2022 when LastPass publicly disclosed that an assailant had exploited information pilfered during a breach in August.
This data breach allowed the attacker to target a LastPass employee, acquiring their credentials and successfully decrypting stored customer data.
Among the stolen assets was a backup of encrypted customer vault data, with LastPass sounding the alarm that this data could be decrypted if the attacker engaged in a brute-force guessing of the account’s master password.
The repercussions of this breach became shockingly evident when cybersecurity journalist Brian Krebs reported in September that several LastPass customer vaults had been seemingly breached, leading to the theft of over $35 million in crypto from approximately 150 victims.
The fallout from this security debacle extended into January when LastPass found itself embroiled in a class-action lawsuit.
The lawsuit, filed by affected individuals, alleged that the August 2022 breach had resulted in the theft of roughly $53,000 worth of Bitcoin (BTC).
In his most recent post, ZachXBT offered a final piece of advice to those who had ever entrusted their wallet seed or private keys to LastPass: “migrate your crypto assets immediately.”
The urgency of his words underscores the critical importance of safeguarding one’s digital assets in the face of relentless cyber threats.