The 2022 LastPass data breach allowed threat actors to steal 12.38 million users in a new attack.
According to blockchain investigator ZachXBT, LastPass hackers stole millions of Ethereum (Ethereum) from over 100 wallet addresses between December 16 and 17. The criminals quickly exchanged the illicit wealth from ETH to Bitcoin (Bitcoin), using multiple spot exchanges. A list of affected titles can be found here.
LastPass is a password management service for securing cryptocurrency wallets. The startup suffered two hacks in 2022 — once in August and again in October — that resulted in unauthorized access to customer keys, API tokens, multi-factor authentication seeds, and other sensitive security information.
In January 2023, users filed a class action lawsuit against LastPass. The complaint alleged that the provider failed to protect user data and adopted lax security protocols.
Troubled times continued for the company as bad actors took advantage of stolen data to carry out staggered cryptocurrency heists. Encryption holder Blame LastPass was accused of stealing $50,000 in April 2023, crypto.news reports. Later in October, 25 victims lost $4.4 million due to wallet drain. LastPass came back Under fire To violate.
The latest incident has raised questions about future attacks linked to LastPass, as criminals continue to profit from stolen information in 2022. It also reminded the larger cryptocurrency community of current security threats.
MetaMask developer Taylor Manohan urge Users can migrate funds to new wallets if they have used LastPass before. The white hat Security Alliance, or SEAL ORG, has also notified users that crypto assets may be at risk if action is not taken.