LastPass threat actor drains $5.4 million in crypto from over 40 victim addresses: ZachXBT
Quick Take
- Around $5.36 million was stolen from over 40 victim addresses in a hack linked to the 2022 LastPass security breach, according to blockchain sleuth ZachXBT.
An estimated $5.36 million was stolen in crypto from over 40 wallet addresses in the latest exploit from attackers identified as the “LastPass threat actor,” according to blockchain sleuth ZachXBT.
“Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote in his Telegram group message.
The security breach is said to have originated from the 2022 hacking incidents in the password manager service LastPass. In these incidents, attackers stole vast amounts of data, including customer keys, API tokens and MFA seeds.
This theft of sensitive customer data from LastPass had already led to two batches of cryptocurrency hacks, which ZachXBT identified—one in October 2023, which stole $4.4 million and another in February this year, which resulted in losses of over $6.2 million.
“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote in an X post last year.
“A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents,” LastPass Chief Secure Technology Officer Christofer Hoff said. “In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass. Because we take any claims regarding the security of LastPass and our customers seriously, we continue to invite any security researchers who believe they may have evidence to contact the LastPass Threat Intelligence team.”
Updated with comment from LastPass.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.