LastPass customers suffer $4.4 million in crypto theft as a result of breach
About 25 crypto users lost digital assets worth more than $4 million on October 25 using the popular password manager LastPass, according to a report from the chain ZachXBT.
ZachXBT, along with fellow researcher Taivano, traced the exploit back to December 2022, when LastPass confirmed the breach.
4.4 million dollars were stolen from LastPass customers
During that time, the LastPass hackers copied a backup copy of the customer's store information. This includes information about website usernames and passwords, secure notes and form-filled data.
Since then, malicious players have drained the wallets of crypto users who put their pedigrees on the platform. Reports indicate that more than 150 victims have been robbed of more than $35 million since December.
Read more: Best Crypto Signup Bonuses in 2023
A post on Oct. 27 on Taiwano revealed that the most recent exploit affected 80 crypto addresses belonging to these 25 victims. This resulted in a loss of $4.4 million.
“Most, if not all, of the victims are long-time LastPass users and/or confirm that they have stored their keys/passwords in LastPass,” Taivano said.
Security experts advise on further actions
Several crypto security experts have been advising LastPass users on mitigating further losses from the event.
According to Taivano, users who have leaked their wallets should “contact and file an IC3 if you haven't done so now.” IC3, short for Internet Crime Complaint Center, is a central hub for reporting cybercrime.
In a separate Oct. 22 post on X, the security expert warned the community that every credential they had in LastPass this time last year should be considered compromised. Because of this, Taivano urges the community to “prioritize driving your most valuable / ancient secrets + migration assets.”
Meanwhile, ZachXBT strongly advises:
“If you believe you may have stored your genealogy or keys in LastPass, liquidate your crypto assets immediately.”
LastPass advises its users to never use their master password on other websites and to minimize risk by changing the passwords of websites they store.
Read more: Best 9 Telegram Channels for Crypto Signals in 2023
Disclaimer
Adhering to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news report aims to provide accurate and up-to-date information. However, readers are advised to independently verify facts and consult with professionals before making any decisions based on this content.