As a seasoned researcher with a keen eye for cybersecurity threats and a heart heavy with the tales of countless victims, I cannot help but feel a deep sense of dismay upon learning about yet another incident involving LastPass. The 2024 data breach, which has resulted in the theft of millions in cryptocurrency, is a stark reminder of the ever-present danger lurking in the digital realm.
As an analyst, I’m reporting on the recent data breach at LastPass in 2022. This incident has given cybercriminals an opportunity to pilfer approximately 12.38 million user funds in a fresh assault.
Based on investigations by ZachXBT, it’s been discovered that hackers, between December 16 and December 17, managed to steal millions in Ethereum (ETH) from more than 100 digital wallets. These thieves then swiftly exchanged the stolen assets from ETH to Bitcoin (BTC), utilizing numerous instant exchange platforms. A compiled list of affected wallet addresses can be found here.
In simpler terms, LastPass is a service that helps users manage their passwords, specifically for cryptocurrency wallets. Unfortunately, this service experienced two security breaches in 2022 – first in August and then again in October. These breaches allowed unauthorized individuals to gain access to customer’s private keys, API tokens, multi-factor authentication seeds, and other confidential security details.
In January 2023, a collective legal action was filed against LastPass. The claim stated that the company did not adequately secure user data and implemented weak security measures.
The company continued to face challenging circumstances as malicious individuals utilized stolen data to carry out a series of cryptocurrency thefts. A report by crypto.news in April 2023 claimed that a user lost $50,000 and accused LastPass of being responsible for the theft. Later in October, thieves drained $4.4 million from 25 different accounts, leading to further criticism of LastPass due to the security breach.
The recent event has sparked concerns about potential future cyber-attacks linked to LastPass, as criminals are still exploiting data stolen in 2022. This incident serves as a reminder within the broader cryptocurrency community about ongoing security risks.
Taylor Manohan, a developer for MetaMask, recommended users transfer their funds to fresh wallets if they’ve previously utilized LastPass. Additionally, a security group known as the Security Alliance, or SEAL ORG, alerted users that their crypto assets could potentially be jeopardized unless appropriate action is taken.
🔔 Important notice: If you kept your private keys or recovery phrases in LastPass before 2023, there’s a risk to your funds. Today alone, we’ve observed over 15 potential hacking incidents involving LastPass.
— Security Alliance (@_SEAL_Org) December 16, 2024
Read More
- AI16Z PREDICTION. AI16Z cryptocurrency
- POL PREDICTION. POL cryptocurrency
- Crypto ETPs hit $44.5b in YTD inflows amid Bitcoin surge
- Hong Kong Treasury says crypto is not a ‘target asset’ for its Exchange Fund
- Li Haslett Chen to Leave Warner Bros. Discovery Board
- SEN PREDICTION. SEN cryptocurrency
- Blockaid new dashboard to track Web3 activity and threats
- Kakele Online unleashes its biggest update yet with the Orcs of Walfendah
- Shiba Inu, Bonk, Pepe prices rebound: Beware of dead cat bounce
- Springfield man is convicted for using crypto to finance ISIS operations
2024-12-17 20:02