Crypto Hack Results in Loss of $5.36 Million from LastPass Users
Blockchain analyst ZachXBT has identified over $5.36 million lost in crypto hacks from more than 40 addresses.
According to The Block, the attacks are linked to a “LastPass threat,” believed to have originated from a hacking incident involving the password manager LastPass two years prior.
LastPass Hacking Incident of 2022
In December 2022, hackers accessed sensitive data on LastPass, including customer keys, API tokens, and MFA seeds.
Using this information, cybercriminals executed multiple crypto thefts, with one theft in October 2023 resulting in a loss of $4.4 million.
A subsequent attack in February 2024 led to losses exceeding $6.2 million. By September, total stolen funds reached approximately $35 million, with the latest loss contributing to nearly $45 million. Notably, many LastPass hacks occurred during the holiday season, a time when hackers often exploit consumer vulnerabilities.
ZachXBT reported that the attacker converted all stolen cryptocurrencies into Ethereum #ETH.
The funds were subsequently transferred to various instant exchanges, converting them into Bitcoin #BTC. Users are advised to take precautions to prevent further incidents.
ZachXBT emphasized the importance of migrating assets if users stored their seed phrases or keys in LastPass.
The Security Alliance (SEAL) also warned users about the safety of their private keys and advised transferring assets before further compromises occur.
Approximately $250 million in non-crypto funds has also been siphoned by cybercriminals.
Increase in Crypto Hack Incidents
Significant amounts of funds have been stolen from the crypto market this year. Recently, XT Exchange halted withdrawals after suffering a hack that resulted in a theft of around $1.7 million.
Similar to the LastPass incident, hackers quickly converted stolen funds into 461.58 ETH.
Hackers also compromised Dogwifhat’s X account in November to promote Solana-based tokens, raising concerns about crypto security.
The hacker used the X account to promote various meme coins, including Popwifnut (POPWNUT), Muu (MUU), and DogWifDoge (WIFD), sharing contract addresses to drive demand and increase token prices.
Given the increasing frequency of such attacks, crypto leaders advise users to remain vigilant.