Crypto Hack Alert: $5.63M Lost as LastPass Breach Hits 40 Wallets

The fallout from the 2022 LastPass cyberattack is now hitting cryptocurrency holders hard, with over $5.36 million recently stolen. Blockchain investigator ZachXBT revealed that the “LastPass threat actor” targeted more than 40 crypto addresses in this latest heist.

How the Attack Played Out

In a December 17 update, ZachXBT explained that the stolen funds were first converted into Ethereum, then moved through various instant exchanges, and finally transferred back into Bitcoin.

This incident is part of a string of attacks that began with the December 2022 LastPass breach, where attackers accessed encrypted vault data stored on an unknown cloud platform.

At the time, LastPass assured users that their master passwords were protected with high-level encryption, making brute-force attacks highly unlikely. Despite this, hackers have been systematic, targeting users who stored cryptocurrency private keys or seed phrases within their LastPass vaults.

Losses Mount to $250 Million

According to cybersecurity group Security Alliance (SEAL), total losses from the LastPass hacks have exceeded $250 million as of May 2024. Major incidents include $6.2 million stolen in February 2024 and $4.4 million in October 2023.

Hackers have strategically timed many of these attacks to coincide with holiday seasons, when people are more likely to fall for scams, fake promotions, or festive bonuses. With Christmas just a week away, the risk of further attacks remains high.

Secure Your Assets Now!

LastPass users who suspect they have stored private keys or seed phrases in their vaults are urged to move their crypto assets immediately to safer storage solutions.

This ongoing wave of attacks underscores the risks of relying on centralized password managers to protect critical blockchain data. While LastPass promotes its encryption capabilities, this breach shows that even encrypted data can be vulnerable when stolen in bulk.

To avoid similar risks in the future, crypto holders should:

• Avoid storing private keys or seed phrases on online platforms.
• Use hardware wallets, which offer secure offline storage.

In crypto security, decentralization and offline solutions like hardware wallets remain the most effective defense against cyber threats.