- Recent crypto thefts traced back to a LastPass breach in December 2022.
- Over $4.4 million stolen from 80 crypto wallets of 25 LastPass users.
- Victims likely had their seed phrases or private keys compromised.
A recent spate of crypto thefts has been tied back to a breach of the password manager LastPass in December 2022, according to investigators.
Researchers ZachXBT and Tayvano traced over $4.4 million stolen from around 80 crypto wallets belonging to 25 LastPass users. The victims likely had their seed phrases or private keys compromised in the breach.
LastPass hackers slowly draining the funds
LastPass originally reported that usernames, passwords, secure notes, and other data were copied in the hack. Since then, bad actors have slowly drained funds from crypto users who potentially stored sensitive information on the platform.
Prior reports estimated that more than $35 million had been stolen from 150+ victims as a result of the breach. Tayvano said most of the latest victims confirmed using the password manager to store crypto keys and seeds.
In light of the ongoing thefts, security experts advise LastPass users to take immediate action. Tayvano recommends rotating valuable credentials, migrating assets, and reporting any stolen funds to the FBI’s Internet Crime Complaint Center.
ZachXBT also strongly warned LastPass users who may have stored seed phrases to urgently move their crypto holdings to new wallets. Additionally, users should avoid reusing their LastPass master password elsewhere.
The series of crypto thefts highlights the immense risks of storing sensitive wallet information in centralized password managers. As the fallout continues, experts emphasize the need for proper crypto security hygiene to limit potential damage.