Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
— ZachXBT (@zachxbt) October 27, 2023
Around 25 people are said to have been victims of a $4.4 million bitcoin scam that compromised 80 wallets.
The incident, which occurred in 2022, was caused by flaws in the password storing software LastPass.
On October 27, a pseudonymous on-chain researcher known as ZachXBT and MetaMask developer Taylor Monahan announced their tracking of the illicit fund movements across the compromised wallets in a Twitter post.
Monahan noted that the majority of the victims were long-time LastPass users who admitted to keeping their crypto wallet keys or seeds within the affected software.
The heist, which took place on October 25, 2023, resulted in the theft of about $4.4 million from over 25 victims of the LastPass attack.
The gravity of the situation caused ZachXBT to issue a severe warning, encouraging everyone who may have entrusted their seed phrases or keys to LastPass to transfer their crypto assets to more secure storage as soon as possible.
This worrying situation began in December 2022, when LastPass publicly stated that an intruder had utilized information stolen during an August breach.
The attacker used this data breach to target a LastPass employee, stealing their passwords and successfully decrypting stored client data.
A backup of encrypted client vault data was among the stolen assets, with LastPass warning that this material may be decrypted if the attacker used brute-force guessing of the account’s master password.
The ramifications of this compromise became frighteningly clear in September, when cybersecurity journalist Brian Krebs disclosed that many LastPass customer vaults had been allegedly breached, resulting in the theft of over $35 million in cryptocurrency from about 150 victims.
The backlash from this security blunder continued into January, when LastPass was named in a class-action lawsuit.
Affected individuals filed a complaint alleging that the August 2022 breach resulted in the theft of around $53,000 in Bitcoin (BTC).
In his most recent post, ZachXBT advised those who had ever committed their wallet seed or private keys to LastPass to “migrate your crypto assets immediately.”
His statements emphasize the essential need of preserving one’s digital assets in the face of persistent cyber threats.