- Hundreds of thousands of dollars' worth of crypto is being stolen from wallets
- The victims are being linked to the 2022 LastPass hack
- The hack saw both encrypted and unencrypted data stolen from the password manager provider

The hacker responsible for the massive LastPass breach in 2022 has continued their rampage by using stolen data to take $5.36 million from 40 crypto wallets.

The August 2022 hack saw the attacker gain access to information that allowed them to later successfully breach a cloud-based storage environment which stored customer keys, API tokens, multi-factor authentication (MFA) seeds, and encrypted password vaults.

While the password vaults were encrypted, the master password used to open them could still be brute forced if it was weak, reused, or previously leaked, which may be the reason for a string of crypto thefts against LastPass users since 2022.
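The three conditions named above (weak, reused, previously leaked) can be checked for a master password before trusting it to protect a vault. The sketch below is an added example, not code from LastPass or the article; it assumes the vault key comes from an iterated password hash, and the iteration counts, attacker hash rate, threshold and sample passwords are all constructed for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def guess_space_bits(master: str) -> float:
    """Upper bound on guess space: length * log2(size of character classes used).
    Real dictionary-based passwords are weaker than this bound suggests."""
    pool = 0
    if any(c.islower() for c in master):
        pool += 26
    if any(c.isupper() for c in master):
        pool += 26
    if any(c.isdigit() for c in master):
        pool += 10
    if any(not c.isalnum() for c in master):
        pool += 33
    return len(master) * math.log2(pool) if pool else 0.0

def offline_years(bits: float, iterations: int, hashes_per_sec: float) -> float:
    """Expected years to search half the space when each guess costs
    `iterations` hash operations (assumed iterated KDF)."""
    guesses_per_sec = hashes_per_sec / iterations
    return (2 ** bits / 2) / guesses_per_sec / SECONDS_PER_YEAR

def audit_master(master, leaked, other_passwords, iterations,
                 hashes_per_sec=1e10, min_years=100):
    """Return which of the article's three risk conditions apply.
    hashes_per_sec and min_years are assumed values, not measurements."""
    findings = []
    if master in leaked:
        findings.append("previously leaked")
    if master in other_passwords:
        findings.append("reused")
    years = offline_years(guess_space_bits(master), iterations, hashes_per_sec)
    if years < min_years:
        findings.append("weak")
    return findings

if __name__ == "__main__":
    leaked = {"summer22"}                   # constructed leaked-password list
    others = ["summer22", "hunter2"]        # constructed passwords used elsewhere
    for pw in ("summer22", "correct-horse-battery-staple-42"):
        for iters in (5_000, 600_000):      # constructed KDF iteration counts
            print(pw, iters, audit_master(pw, leaked, others, iters))
```

A higher iteration count slows every guess, but it does not rescue a short password that is also leaked or reused, because those are tried first.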
The fallout continues
The latest theft is being linked to the LastPass breach by a blockchain expert known as ZachXBT (via The Block). ZachXBT claims in a Telegram post that this is just the latest in a long line of crypto thefts affecting victims of the LastPass breach, with $4.4 million being stolen in October 2023, and a further theft of $6.2 in February 2024.

“Stolen funds have been swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote in their Telegram message. “Can’t stress this enough, if you believe you may have ever saved your seed phrase or keys in LastPass migrate your crypto assets immediately.”

The Verge previously reported that between the time of the breach in August and December of 2022, over $35 million was stolen from 150 apparent victims of the LastPass breach.

These subsequent breaches of crypto wallets highlight the importance of using unique passwords for every single account, and ensuring that each password adheres to recommended password security standards by using one of the best password generators.

Even if you have changed your password manager provider since the LastPass breach, any compromised passwords that are still being reused are at risk, as evidenced by these crypto thefts. It is also recommended to use a strong authenticator app that uses biometric verification to secure your accounts even if an attacker knows your username and password.