Estimates in September revealed that at least $35 million in crypto has been stolen from victims of the LastPass breach since 2022, with the latest hack adding to the toll. At least 25 people have reportedly seen $4.4 million in crypto...
In an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said they and MetaMask developer Taylor Monahan tracked the fund movements of at least 80 wallets compromised on Oct. 25.
“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in an accompanying Chainabuse report.
Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.— ZachXBT (@zachxbt) October 27, 2023
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
Also stolen was a backup of encrypted customer vault data which LastPass warned could be decrypted if the attacker brute force guesses the account’s master password.
In a September blog post, cybersecurity journalist Brian Krebs reported some of the LastPass customer vaults had seemingly been cracked and over $35 million worth of crypto had been stolen from around 150 victims.
In his latest X post, ZachXBT advised anyone who ever stored a wallet seed or private key in LastPass to “migrate your crypto assets immediately.”