According to reports, a data breach in 2022 that affected the password storage program LastPass caused at least 25 people to witness $4.4 million in cryptocurrency being taken out of 80 wallets. Pseudonymous on-chain researcher ZachXBT claimed in an Oct 27 X (Twitter) post that they and MetaMask developer Taylor Monahan monitored the fund transfers of at least 80 wallets that were compromised on Oct. 25 as a crypto thief stole $4.4M in a day.
80 Addreses amongst many more were compromised
As to the findings of online cryptocurrency theft investigator Zachxbt, the password manager programme Lastpass was used to steal almost $4.4 million from over 25 different people. One threat actor is thought to be responsible for the heist, which is reported to have happened on October 25. More than eighty different addresses were compromised as of this writing.
According to a Chainabuse study of the breach, there is a possibility that the theft is connected to a bigger case that started at least in December 2022. The password management app’s cloud-based storage environment was compromised in August 2022, as previously revealed by Bitcoin.com News, however Lastpass didn’t disclose this information until December 22, 2022. Lastpass tried to reassure concerned users after the disclosure, but this was mainly received with resistance.
Series of unfortunate events
LastPass said in December 2022 that an attacker had used data taken from an August breach to target a LastPass employee, obtaining their login credentials and decrypting stored client data. A backup of encrypted client vault data was also taken, and LastPass issued a warning that this material could be decrypted if the attacker used brute force to guess the master password for the account.
Cybersecurity writer Brian Krebs revealed in a September blog post that over $150 victims had over $35 million worth of cryptocurrency taken from some of the LastPass user vaults that appeared to have been breached as Crypto thief steals $4.4M in a day.
Users Compromised: Assessing and Finding solutions
Zachxbt warned password manager users to delete their passphrases from the programme underlying in the situation of Crypto thief steals $4.4M in a day in a message posted on the social media site X, which was formerly Twitter.
“On October 25, 2023 alone, the LastPass attack caused another ~$4.4M to be taken from over 25 individuals. It’s important to move your cryptocurrency assets right away if you think you may have ever kept your seed phrase or keys in Lastpass, Zachxbt advised.
Analysis of the hacker stealing situation
It is important to note that those investors in cryptocurrency who have recently lost significant portions of their capital fell victim because they trusted the password manager with their crypto wallet access codes and mnemonic phrases.
The blockchain security specialist has issued a warning to cryptocurrency investors, advising them not to provide third-party services access to sensitive information about their holdings, including mnemonic phrases. In order to reduce their chances of falling victim, he also advised anyone who had already disclosed this kind of information to move all of their cryptocurrency assets to a different wallet.
ZachXBT advised, “Cannot stress this enough: migrate your crypto assets immediately if you believe you may have ever stored your seed phrase or keys in LastPass.”
It is rather unfortunate that such an event transpired however the largest investors in crypto are being assured by safety measures and early actions put in place for times such as these. The cryptocurrency market is one that is volatile and prone to highest of criminal activity. It follows the motto of “high risk and high return”, people often were disillusioned as to where high risk stemmed from.
Also Read: Brazil reports a stablecoin boom with USDT’s use on the rise.
