ZachXBT, a blockchain investigator, has discovered that malicious actors have been identified by the “LastPass threat actor,”The theft of approximately $5.36million in crypto currencies has been reported.
ZachXBT posted the following on December 17th, in his Telegram Channel:
“Today an estimated $5.36M was drained by the LastPass threat actor from 40+ victim addresses. Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin.”
This exploit is traceable to a security breach in December 2022, when LastPass reported that attackers had accessed archived data backups for encrypted vaults stored on a cloud platform from a third party. LastPass warned at the time that users’ vault data was exposed, which included usernames, secure notes, and passwords.
LastPass assures users, however, that brute forcing master passwords will be very difficult due to the strong encryption protocols.
Recent hacking attacks, however, have proven that hackers are targeting users who store their private keys and seed phrases on their LastPass vaults.
Now over $250 million has been lost
Security Alliance, a group of experts in cyber security, announced that losses resulting from the hack have exceeded $250,000,000 as of 2024.
According to SEAL, these attacks could have been prevented as many victims—despite practicing caution—unknowingly placed their digital assets at risk by relying on centralized storage for private keys.
SEAL said:
“Don’t be a part of the statistic. If you used LastPass in the past and think there’s a chance you stored your private key or seed phrase in your vault, take the time and move all your tokens [and] transfer ownership of any contracts/multisigs/etc.”
Experts in security noted that the incident shows how dangerous it is to trust password managers with cryptographic data. Crypto holders need to immediately protect their assets from similar vulnerabilities and safeguard them.
Posted In: Crime, Featured The Author 
Oluwapelumi Adejumo
Oluwapelumi is a believer in Bitcoin. He gives insights into a variety of topics, including DeFi hacks, culture and mining, while highlighting its transformative potential.
@hardeyjumoh LinkedIn Email Oluwapelumi Editor
Liam ‘Akiba’ Wright
Also known as “Akiba,” Liam Wright, Editor-in Chief at CryptoSlate is also the host of SlateCast. He is a firm believer that the decentralized technologies have the power to bring about positive changes.
Twitter @akibablade Email Editor 
CryptoSlate Substack cryptoslate.substack.com
Updates and analyses on cryptography. Every day, straight to your mailbox.
Join our 90k+ Subscribers
The Latest Press Releases
View All 
Forte Unveils Open Source Rules engine to Support Economic and Safety in Blockchain Development
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
