At the least 25 folks have reportedly seen $4.4 million in crypto drained from throughout 80 wallets attributable to a 2022 information breach that impacted password storage software program LastPass.
In an Oct. 27 X (Twitter) submit, pseudonymous on-chain researcher ZachXBT stated they and MetaMask developer Taylor Monahan tracked the fund actions of at the very least 80 wallets compromised on Oct. 25.
“Most, if not all, of the victims are longtime LastPass customers and/or affirm having saved their [crypto wallet] keys/seeds in LastPass,” Monahan stated in an accompanying Chainabuse report.
Simply on October 25, 2023 alone one other ~$4.4M was drained from 25+ victims because of the LastPass hack.
Can not stress this sufficient, when you consider you’ll have ever saved your seed phrase or keys in LastPass migrate your crypto belongings instantly. pic.twitter.com/26HsxrlnCb
— ZachXBT (@zachxbt) October 27, 2023
In December 2022, LastPass disclosed an attacker leveraged info beforehand stolen in a breach that August to target a LastPass employee, snagging their credentials and decrypting saved buyer info.
Additionally stolen was a backup of encrypted buyer vault information which LastPass warned might be decrypted if the attacker brute pressure guesses the account’s grasp password.
In a September weblog post, cybersecurity journalist Brian Krebs reported among the LastPass buyer vaults had seemingly been cracked and over $35 million value of crypto had been stolen from round 150 victims.
In his newest X submit, ZachXBT suggested anybody who ever saved a pockets seed or non-public key in LastPass to “migrate your crypto belongings instantly.”