LastPass users experienced a significant security breach last week, as hackers allegedly made off with $5 million in cryptocurrency over two days, according to a new investigation. The incident marks a notable escalation in the fallout from the 2022 LastPass security compromise. A blockchain crypto investigator known as ZachXBT revealed through a Telegram post that the stolen funds, totaling $5.36 million, came from over 40 victims.
These funds were reportedly swapped for Ethereum (ETH) and then transferred to various exchanges where they were converted into Bitcoin. ZachXBT advised, “If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.”
Latest crypto theft hits LastPass users
Despite these revelations, there have been no recent updates on social media regarding the alleged thefts and the broader 2022 LastPass incident. In response to these claims, LastPass Chief Secure Technology Officer Christofer Hoff stated, “A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents. In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass.”
Hoff emphasized LastPass’s commitment to security, inviting any researchers with potential evidence to contact the LastPass Threat Intelligence team. The 2022 data breach involved the compromise of LastPass development servers facilitated through a hacked developer account.
Initially downplayed by CEO Karim Toubba as a theft of “portions of source code and some proprietary LastPass technical information,” the four-month investigation revealed more severe consequences. The hacker accessed and decrypted storage volumes from a third-party cloud-based storage service used for backup, which included customer vault data. Toubba had advised users to change the passwords for the websites stored in their vaults, particularly if they had weak master passwords, highlighting the importance of robust password security for LastPass users.
The continued fallout from the LastPass breach underscores the critical need for vigilance and robust security measures in the realm of digital asset management. LastPass users, especially those handling cryptocurrency, are advised to review their security practices and take immediate action to safeguard their assets.