- Millions of dollars worth of cryptocurrencies are being stolen from wallets
- Victims linked to 2022 LastPass hack
- Hackers stole encrypted and unencrypted data from password manager providers
Hackers responsible for huge losses 2022 LastPass data breach Continuing the rampage, the stolen information was used to steal $5.36 million from 40 crypto wallets.
In the August 2022 hack, attackers gained access to information that later allowed them to successfully breach a cloud-based storage environment that stored customer keys, API tokens, multi-factor authentication (MFA) seed and encrypted cryptographic library.
While password vaults are encrypted, they can still be brute-forced if the master password used to open them is weak, reused, or previously leaked, which may have been the case in a series of crypto thefts targeting LastPass users since 2022 reason.
The aftermath continues
The latest thefts, linked to the LastPass vulnerability, were reported by a blockchain expert named ZachXBT (via neighborhood). ZachXBT claimed in a Telegram post that this is just the latest in a long line of cryptocurrency thefts affecting victims of the LastPass vulnerability, with $4.4 million stolen in October 2023 and another $6.2 stolen in February 2024.
“The stolen funds were converted into ETH and moved to a variety of instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote in a Telegram message. “If you think you may have stored a mnemonic phrase in LastPass or Keys, please migrate your crypto assets immediately, this cannot be emphasized enough.”
edge According to previous reports, more than $35 million was stolen from 150 apparent victims of the LastPass data breach between August and December 2022.
These subsequent crypto wallet breaches highlight the importance of using unique passwords for each account and ensuring that each password meets recommended password security standards by using one of these passwords. best password generator.
Even if you change your Password manager Since the LastPass leak, any compromised passwords that are still being reused are at risk, as these encryption thefts demonstrate. It is also recommended to use strong Authenticator application Even if an attacker knows your username and password, it uses biometric authentication to protect your account.