header banner
Default

$444 million is stolen from cryptocurrency wallets by a LastPass hacker


Table of Contents

    On Oct. 25, a hacker stole millions of dollars from users who stored their seed phrase details in password manager application LastPass.

    Photo by Markus Spiske on Unsplash

    Posted October 30, 2023 at 1:15 am EST.

    LastPass, a popular password manager application, finds itself at the centre of controversy once again as a hacker stole millions of dollars worth of crypto assets from users’ wallets last week as a result of compromised seed phrases.

    Blockchain sleuths ZachXBT and Tayvano traced the hacker’s movements on Oct 25 and found that around $4.4 million worth of crypto was stolen from 80 distinct addresses belonging to 25 distinct victims.

    Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.

    Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb

    — ZachXBT (@zachxbt) October 27, 2023

    “Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their keys/seeds in LastPass,” wrote Tayvano in a report.

    The incident relates to a security breach first identified in December 2022, when LastPass notified users that an unauthorized party had gained access to a third-party cloud-based storage service in which the firm stored archived backups of data.

    At the time, LastPass said that the threat actor was able to copy customer vault data from the encrypted storage and gained access to website usernames and passwords, secure notes, and form-filled data.

    Although the data was compromised, LastPass CEO Karim Toubba noted that the threat action would need to use brute force to guess master passwords and decrypt copies.

    Toubba estimated that this would be an “extremely difficult” process for threat actors, because of the hashing and encryption methods the firm uses to protect our customers.

    Earlier this year, Unchained reported that a massive wallet draining operation had resulted in $10 million worth of crypto stolen between December 2022 and April 2023. Tayvano, who traced these transactions, later said there was good reason to believe LastPass was the source of the compromise.

    After last week’s activity, it is clear that the exploiter is far from done looting crypto wallets that have had their seed phrases compromised.

    Sources


    Article information

    Author: Anthony Evans

    Last Updated: 1700165761

    Views: 1148

    Rating: 3.7 / 5 (54 voted)

    Reviews: 87% of readers found this page helpful

    Author information

    Name: Anthony Evans

    Birthday: 1958-09-16

    Address: 4938 Frye Mountain Apt. 364, Angelview, HI 24646

    Phone: +4130107734668272

    Job: Electrician

    Hobby: Reading, Card Collecting, Wine Tasting, Cycling, Board Games, Yoga, Skateboarding

    Introduction: My name is Anthony Evans, I am a Open, expert, rich, transparent, capable, Gifted, resolute person who loves writing and wants to share my knowledge and understanding with you.