LastPass Breach Drains $4.4M Worth of Crypto Assets in a Day

Ali Raza  - Expert Tech Journalist
Last updated: November 1, 2023
LastPass Breach Drains $4.4M Worth Crypto Assets within Day
  • Hackers hacked funds from at least 25 LastPass users.
  • Funds have been stolen from Bitcoin, BNB, Ethereum, Solana, Arbitrum, and Polygon blockchains.
  • Anyone who stored a private key or wallet seed in LastPass should migrate their crypto assets immediately.

$4.4 million worth of crypto assets were stolen from more than 25 victims on October 25 due to the LastPass breach that happened last year.

Blockchain researcher ZachXBT has urged people who stored their seed phrases or keys to move their crypto assets to avoid falling victim to the ongoing hacks.

MetaMask developer Taylor Monahan also confirmed the data in a Chainabuse report, saying over 80 unique addresses were compromised.

Monahan said,

If you are reading this because your funds were stolen to one of these addresses, get in touch and file an IC3 right now if you haven’t done so already.

The stolen crypto assets are related to a breach on LastPass in December last year. LastPass said the attacker uses information stolen from a LastPass employee to steal customer credentials and decrypt stolen customer data.

The hackers also accessed a backup of encrypted customer vault data. LastPass warned that the attackers could decrypt the data in a brute force attack by guessing the master password.

Over $35M Stolen So Far In LastPass Breach

According to a September blog post by cybersecurity journalist Brian Krebs, the LastPass breach has led to the loss of over $35 million worth of crypto assets.

Since December last year, cybersecurity researchers have connected multiple crypto thefts targeting over 150 people with the LastPass breach.

The LastPass hacks not only target novices but also expert traders with in-depth knowledge of cybersecurity. However, in either of these cases, the victims’ emails and mobile numbers were not stolen, which usually happens with such high-profile financial breaches.

Monahan noted that the victim profile included the

Employees of reputable crypto orgs, VCs [venture capitalists], people who build DeFi protocols, deploy contracts, run full nodes.

The LastPass breach led to the US District Court of Massachusetts filing a lawsuit against LastPass over allegations that the company failed to protect user data.

The company also faces a class-action lawsuit from crypto holders who claim to have lost around $53,000 worth of Bitcoin. At the time of the breach, the stolen BTC was worth around $34,317.

Share this article

About the Author

Ali Raza

Ali Raza

Expert Tech Journalist

Experienced in web journalism and marketing, Ali Raza holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. He is very passionate about the internet privacy. Ali's work has been published in several valuable publications.

More from Ali Raza


No comments.