In the wake of the 2022 LastPass data breach, yet another hack has come to light with a theft of $4.4 million in cryptocurrency across 80 wallets, impacting at least 25 individuals.
This recent cyber attack brings the total stolen funds since the breach to a staggering $35 million, as reported in September. On-chain researcher ZachXBT, in collaboration with MetaMask developer Taylor Monahan, disclosed on Oct. 27 that they had tracked the compromised wallets' activity from Oct. 25. Monahan highlighted that the majority of the victims were either seasoned LastPass users or had stored their crypto wallet keys in LastPass.
LastPass, a password storage application, announced in December 2022 that a cybercriminal had exploited data from an earlier breach in August to target and deceive a LastPass employee. This resulted in the hacker gaining access to and decrypting user information. Alarmingly, encrypted customer vault backups were also pilfered. LastPass cautioned that these could be decrypted if the cybercriminal successfully brute-forced the master password.
In connection with the breach, Brian Krebs, a cybersecurity journalist, stated in September that many LastPass vaults had been compromised, leading to a theft of over $35 million in cryptocurrency from roughly 150 victims. Further intensifying the crisis for LastPass, a class-action lawsuit was filed in January accusing the company of enabling the theft of Bitcoin worth about $53,000 due to the August breach.
Users are now urgently advised to transfer their crypto assets if they have ever stored their wallet seed or private key within LastPass.