Around 25 individuals have reportedly lost $4.4 million in cryptocurrency from a total of 80 wallets, all due to the 2022 data breach that affected the password storage software LastPass.
On October 27, in a Twitter post, the on-chain sleuths ZachXBT, along with MetaMask developer Taylor Monahan, reported that they’ve tracked the movement of funds from at least 80 compromised wallets that were targeted on October 25. They also mentioned that many of the victims were long-time LastPass users who had stored their cryptocurrency wallet keys or seeds on the platform.
Here’s all of the related addresses myself and @tayvano_ collected from Oct 25. https://t.co/hsXaUi8Fhg
If you suspect you were already a victim of the LastPass hack send a DM with the txn hashes of the theft.
— ZachXBT (@zachxbt) October 27, 2023
This security breach has been affecting LastPass since last year and continues to impact its users. In September, it was discovered that at least $35 million in cryptocurrency had been stolen from approximately 150 victims affected by the platform’s security breach that occurred in 2022.
LastPass, in its usual function, is a popular password manager designed to secure users’ login credentials. The attack on it involved unauthorized access to user accounts, with a focus on obtaining seed phrases and wallet keys used for cryptocurrency storage, indicating that they were primarily interested in exfiltrating cryptocurrencies.
However, in a blog post in December 2022, LastPass disclosed that an attacker had used previously stolen information to target an employee, gaining access to their credentials and decrypting customer data. The attack on LastPass allowed the hacker to gain access to the corporate laptop of a software
Read more on cryptonews.com