LastPass Data Breach Leads to $4.4M Crypto Loss from 80 Wallets
Summary:
Following a 2022 data breach affecting password storage software LastPass, about $4.4m in cryptocurrency was reportedly drained from over 80 wallets. The breach led to an attacker accessing an employee's credentials and customer data. The incident reportedly resulted in the theft of over $35m in crypto from approximately 150 victims. Investigations and legal actions have followed, with experts advising users to securely relocate their crypto assets.
A data breach in 2022 that affected the password storage software LastPass has allegedly led to the loss of $4.4 million in cryptocurrency from over 80 wallets, as reported by at least 25 people. Investigating the situation, on-chain researcher ZachXBT and MetaMask developer Taylor Monahan traced the fund flow of about 80 hacked wallets on October 25. In a report filed with Chainabuse, Monahan revealed that most of the affected were long-time users of LastPass, with several admitting they stored their crypto wallet keys on the software. An additional $4.4 million was siphoned from over 25 accounts due to the LastPass hack on October 25, 2023 alone.
The security incident in December 2022 saw an attacker manipulating previously stolen data from an August breach to target a LastPass employee, thereby obtaining their credentials and deciphering customer data that was stored. The attacker also got hold of a backup of customer vault data, which LastPass cautioned could be decoded if the account's master password was forcefully guessed correctly.
Cybersecurity journalist Brian Krebs stated in a September blog post that some LastPass customer vaults seemed to have been hacked, resulting in theft of more than $35 million in crypto from roughly 150 victims. In January, a class-action lawsuit was lodged against LastPass by people arguing that the August 2022 breach led to the theft of around $53,000 worth of Bitcoin
ZachXBT suggested in his most recent post that anyone who has ever saved a wallet seed or private key in LastPass should promptly move their crypto assets to a safer location.
Published At
10/30/2023 1:52:19 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.