LastPass-linked crypto theft climbs to over $250 million after latest $5.4 million hit

Blockchain investigator ZachXBT has revealed that malicious actors, identified as the “LastPass threat actor,” have siphoned off approximately $5.36 million in cryptocurrencies.

In a Dec. 17 post on his Telegram Channel, ZachXBT stated:

“Today an estimated $5.36M was drained by the LastPass threat actor from 40+ victim addresses. Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin.”

This exploit traces back to a December 2022 security breach, when LastPass disclosed that attackers accessed archived backups of encrypted vault data stored on a third-party cloud platform. At the time, LastPass, a popular password manager, warned that the breach exposed user vault data, including usernames, passwords, and secure notes.

However, LastPass assured users that brute-forcing master passwords would be extremely challenging due to strong encryption protocols.

Despite this claim, recent attacks have shown that the hackers have systematically targeted users who stored their private keys or seed phrases in their LastPass vaults.

Over $250 million now lost

The Security Alliance (SEAL), a team of cybersecurity experts, reported that crypto losses connected to the breach have now exceeded $250 million as of May 2024.

According to SEAL, these attacks could have been prevented as many victims—despite practicing caution—unknowingly placed their digital assets at risk by relying on centralized storage for private keys.

Considering the latest wave of attack, SEAL stated:

“Don’t be a part of the statistic. If you used LastPass in the past and think there’s a chance you stored your private key or seed phrase in your vault, take the time and move all your tokens  [and] transfer ownership of any contracts/multisigs/etc.”

Security experts noted that this incident highlights the dangers of trusting password managers with sensitive crypto-related data. To mitigate further losses, crypto holders must immediately safeguard their assets and reduce exposure to similar vulnerabilities.