Crypto thieves steal $4.4M per day as LastPass breach charges rise

A data breach in 2022 resulted in at least 25 people reportedly taking $4.4 million worth of crypto from 80 wallets.

In an Oct. 27 X (Twitter) post, anonymous on-chain researcher ZackXBT said they and MetaMask developer Taylor Monahan tracked the financial activity of at least 80 wallets that were hacked on Oct. 25.

“Most, if not all, of the victims are long-time LastPass users and/or have stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in a ChinaBuzz report.

Just on October 25, 2023 alone, another ~$4.4M was leaked from 25+ victims due to the LastPass hack.

You can't stress this enough, if you believe you may have stored your genealogy or keys in LastPass, liquidate your crypto assets immediately. pic.twitter.com/26HsxrlnCb

— ZachXBT (@zachxbt) October 27, 2023

In December 2022, LastPass released information that an attacker used last August to target LastPass employees, stealing their credentials and decrypting stored customer information.

Also stolen was an encrypted customer vault data backup that LastPass warned could be unlocked if an attacker guessed the account's master password.

RELATED: Blockchain congestion and transaction queues actually prevent ‘pregnant actors': study

In a September blog post, cybersecurity journalist Brian Krebs reported that some LastPass customer vaults were apparently breached and more than $35 million worth of crypto was stolen from 150 victims.

In January, LastPass was hit with a class-action lawsuit from individuals who claimed they were robbed of roughly $53,000 worth of Bitcoin (BTC) in the August 2022 breach.

In the last X post, ZachXBT advised anyone who has stored a wallet seed or private key in LastPass to “immediately migrate your crypto assets.”

Magazine: Deposit Risk: What do crypto exchanges do with your money?