[ad_1]
A minimum of 25 individuals reported losses totaling $4.4 million from 80 different cryptocurrency wallets, all linked to a data breach that affected the password management software, LastPass, back in 2022.
On October 27th, in a tweet on Twitter, an on-chain researcher who goes by the pseudonym ZachXBT, along with MetaMask developer Taylor Monahan, meticulously tracked the movements of funds from over 80 compromised wallets, all of which had been compromised on October 25th.
It’s worth noting that most, if not all, of the victims were long-time users of LastPass, many of whom confirmed that they had stored their cryptocurrency wallet keys and seeds within the LastPass system. This information was disclosed in a report by Chainabuse.
In December of 2022, LastPass disclosed that an attacker had leveraged information stolen during a breach in August to target one of their employees. The attacker managed to obtain the employee’s credentials and decrypt the stored customer information. Additionally, a backup of encrypted customer vault data was stolen, and LastPass issued a warning that it could potentially be decrypted if the attacker attempts to brute force the account’s master password.
In a blog post in September, cybersecurity journalist Brian Krebs reported that some of the LastPass customer vaults had been breached, resulting in the theft of over $35 million in cryptocurrency from approximately 150 victims.
By January, LastPass found itself facing a class-action lawsuit, with individuals claiming that the breach in August 2022 had led to the theft of around $53,000 worth of Bitcoin (BTC), equivalent to $34,581.
In his recent post, ZachXBT advised anyone who had ever stored a wallet seed or private key in LastPass to take immediate action and migrate their cryptocurrency assets to a more secure location.
[ad_2]