$4.4 million worth of crypto assets were stolen from more than 25 victims on October 25 due to the LastPass breach that happened last year.
Blockchain researcher ZachXBT has urged people who stored their seed phrases or keys to move their crypto assets to avoid falling victim to the ongoing hacks.
MetaMask developer Taylor Monahan also confirmed the data in a Chainabuse report, saying over 80 unique addresses were compromised.
If you are reading this because your funds were stolen to one of these addresses, get in touch and file an IC3 right now if you haven’t done so already.
The stolen crypto assets are related to a breach on LastPass in December last year. LastPass said the attacker uses information stolen from a LastPass employee to steal customer credentials and decrypt stolen customer data.
The hackers also accessed a backup of encrypted customer vault data. LastPass warned that the attackers could decrypt the data in a brute force attack by guessing the master password.
Over $35M Stolen So Far In LastPass Breach
According to a September blog post by cybersecurity journalist Brian Krebs, the LastPass breach has led to the loss of over $35 million worth of crypto assets.
Since December last year, cybersecurity researchers have connected multiple crypto thefts targeting over 150 people with the LastPass breach.
The LastPass hacks not only target novices but also expert traders with in-depth knowledge of cybersecurity. However, in either of these cases, the victims’ emails and mobile numbers were not stolen, which usually happens with such high-profile financial breaches.
Monahan noted that the victim profile included the
Employees of reputable crypto orgs, VCs [venture capitalists], people who build DeFi protocols, deploy contracts, run full nodes.
The LastPass breach led to the US District Court of Massachusetts filing a lawsuit against LastPass over allegations that the company failed to protect user data.
The company also faces a class-action lawsuit from crypto holders who claim to have lost around $53,000 worth of Bitcoin. At the time of the breach, the stolen BTC was worth around $34,317.