An on-chain sleuth says that users of the LastPass password manager application have lost millions of dollars in crypto to threat actors.
The on-chain researcher pseudonymously known as ZachXBT tells his 449,400 followers on the X social media platform that dozens of crypto users were compromised on a single day last week following the LastPass hack.
“Just on October 25, 2023 alone another approximately $4.4 million was drained from 25+ victims as a result of the LastPass hack.
Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”
Taylor Monahan, a developer at the popular crypto wallet MetaMask, says that more than 80 crypto addresses owned by over 25 victims were compromised. According to Monahan, the current series of thefts appears to be related to a larger case going as far back as December 2022.
In March, LastPass disclosed that it witnessed two security incidents that allowed the hacker to gain access to customers’ data including account secrets and cryptographic keys.
“The victim profile remains the most striking thing.
They truly all are reasonably secure.
They are also deeply integrated into this ecosystem: employees of reputable crypto organizations, venture capitalists, and people who build decentralized finance (DeFi) protocols, deploy contracts, run full nodes, and have Ethereum Name Service (ENS) names…
It’s also striking that these thefts have NO small victims.
There are NO victims who lost $100 or even $1,000.
The smallest amount stolen from any individual is well over $10,000.”