LastPass Breach Fallout: $5.36M Stolen in Latest Crypto Heist

Paige Henley, Editor
Published on: December 19, 2024

In August 2022, LastPass, a prominent password manager, experienced a significant security breach that continues to impact its users. Recent reports reveal that hackers have exploited data from this breach to steal substantial cryptocurrency funds from LastPass users.

According to blockchain investigator ZachXBT, over $5.36 million has been stolen from more than 40 cryptocurrency wallets linked to the 2022 LastPass breach. These funds were converted into Ethereum (ETH) and then transferred to various exchanges, ultimately being exchanged for Bitcoin.

This incident is part of a series of cryptocurrency thefts connected to the LastPass breach. In October 2023, approximately $4.7 million was stolen, followed by an additional $6.4 million in February 2024. The cumulative losses from these attacks have now exceeded $16 million, affecting over 100 victims.

The initial breach in 2022 allowed attackers to access both encrypted and unencrypted data from LastPass’s storage. While sensitive information such as usernames and passwords was encrypted, other data, including website URLs, remained unencrypted. The security of the encrypted data largely depended on the strength of users’ master passwords.

In response to the recent thefts, LastPass’s Chief Secure Technology Officer, Christofer Hoff, said the issue isn’t related to the popular password manager.

“A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents,” said Hoff. “In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass.”

Security experts advise users who may have stored cryptocurrency seed phrases or private keys in LastPass to take immediate action. This includes migrating crypto assets to new wallets, changing all passwords, and ensuring that new passwords are strong and unique. Additionally, users should enable two-factor authentication wherever possible to enhance account security.

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.
