Hackers have recently stolen $5.4 million worth of cryptocurrency from LastPass users, just days before Christmas, in a follow-up to the company’s 2022 data breach. The attack leveraged vulnerabilities stemming from a breach that occurred in December 2022 when hackers accessed and copied a backup of encrypted customer vault data. This latest incident is particularly concerning, as it highlights the ongoing risks faced by users who stored sensitive information, such as private keys and seed phrases, on the platform.
Blockchain investigator ZachXBT uncovered the latest theft, tracking the stolen funds, which were converted to Ether and moved across various instant exchanges. The theft has raised alarm among the crypto community, with experts urging LastPass users to act quickly to secure their assets. The breach has shown how vulnerable stored private keys can be when exploited by attackers with knowledge of encryption methods and decryption keys.
In response, white hat hacker group Security Alliance (SEAL) has issued an urgent call for LastPass users who stored crypto assets on the platform prior to 2023 to transfer their funds immediately. SEAL emphasized that any private keys or seed phrases saved before the breach are still at risk, making it essential for users to take precautionary steps to safeguard their digital assets before hackers can exploit them further.
This breach is a reminder of the persistent threats faced by users who rely on password managers to protect their sensitive information. With the holiday season approaching, scams and hacks are on the rise, prompting security experts to urge vigilance. Users are advised to avoid revealing 2FA codes or connecting to untrusted networks, and to move sensitive information from vulnerable platforms like LastPass as soon as possible.
Reference:
