LastPass Breaches Strike Again: $12 Million Stolen from Crypto Wallets

Hackers have stolen over $12 million from users of the LastPass service in a new wave of attacks. According to analyst ZachXBT, the attackers compromised more than 100 cryptocurrency wallets between December 16 and 17.

The stolen funds, initially in Ethereum, were swiftly converted to Bitcoin through various instant exchange platforms. The criminals leveraged data obtained during the 2022 breaches of LastPass.

LastPass, a password management service often used to secure cryptocurrency wallets, suffered two significant breaches in 2022, in August and October. These incidents allowed attackers to gain access to users’ keys, API tokens, multi-factor authentication keys, and other sensitive information.

In January 2023, a class-action lawsuit was filed against LastPass, accusing the company of failing to safeguard user data and implementing insufficient security measures.

The fallout from the data breaches continues to impact LastPass users adversely. In April 2023, a $50,000 cryptocurrency theft was reported, followed by losses totaling $4.4 million in October.

Taylor Monahan, a developer at MetaMask, has urged all LastPass users to transfer their assets to new wallets immediately.