Hackers stole R83 million in crypto from LastPass data breach victims

Malicious actors stole $4.4 million (R83 million) worth of crypto from victims of the LastPass data breach in 2022, according to a Tweet from ZachXBT on X.

He warned that anyone who believes they have stored their seed phrase or key should migrate their crypto assets immediately.

“Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack,” said ZachXBT.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately.”

LastPass suffered a data breach in August 2022, and the company initially said that no customer data or encrypted password vaults had been compromised during the malicious actors’ four-day access to its systems.

However, in December 2022, the company revealed that hackers stole encrypted copies of customer passwords and other sensitive data such as billing addresses, phone numbers and IP addresses.

Source code and technical information were also stolen.

Despite the malicious actors stealing encrypted password vaults, LastPass said only customers know the master password required to decrypt them.

It warned that those with weak master passwords should consider resetting them to prevent hackers from using brute force attacks to crack them.

According to ZachXBT, it is believed that malicious actors are now cracking the stolen password vaults to access stored cryptocurrency credentials, keys, and passphrases.

Once cracked, they can load the wallet on their own device to drain funds.

Now read: Pietermaritzburg mom arrested for producing fake money on home printer