LastPass hackers drained $12.4m ETH from 100+ wallets: ZachXBT

12/17/2024 23:55
LastPass hackers drained $12.4m ETH from 100+ wallets: ZachXBT

The 2022 LastPass data breach has allowed threat actors to steal 12.38 million from users in a new attack.

LastPass hackers drained $12.4m ETH from 100+ wallets: ZachXBT

The 2022 LastPass data breach has allowed threat actors to steal 12.38 million from users in a new attack.

According to blockchain sleuth ZachXBT, the LastPass hackers stole millions in Ethereum (ETH) from over 100 wallet addresses between Dec. 16 and Dec. 17. The criminals quickly swapped the ill-gotten wealth from ETH to Bitcoin (BTC), using multiple instant exchanges. A list of affected addresses may be found here.

LastPass is a password management service for securing cryptocurrency wallets. The startup suffered two hacks in 2022 – once in August and again in October – resulting in unauthorized access to customer keys, API tokens, multi-factor authentication seeds, and other sensitive security information.

In January 2023, users slapped LastPass with a class action lawsuit. The complaint alleged the provider failed to protect user data, and adopted lax security protocols.

Turbulent times persisted for the company as bad actors leveraged stolen data to execute staggered crypto heists. A crypto holder blamed LastPass for a $50,000 theft in April 2023, per crypto.news reporting. Later in October, 25 victims lost $4.4 million to wallet drainers. LastPass again came under fire for the breach.

The latest incident raised questions about future LastPass-tied attacks, since criminals continued to leverage info stolen in 2022. It also reminded the larger crypto community of existing security threats. 

MetaMask developer Taylor Manohan urged users to migrate funds to new wallets if they’ve used LastPass before. A white hat coalition called Security Alliance, or SEAL ORG, also notified users that crypto assets may be at risk if action isn’t taken.

⚠️ Reminder that if you ever stored your private keys or seed phrases in LastPass prior to 2023, your funds might be at risk. We've seen 15+ cases of potential LastPass-related hacks TODAY

Move your assets before hackers move them for you. For more information, keep reading🧵

— Security Alliance (@_SEAL_Org) December 16, 2024

Read more --->