- A massive wallet-draining exploit continues to strike victims.
- Hackers managed to steal over $4.4 million from users storing their seed phrases on LastPass.
- Read how you can protect yourself from potential harm.
Prominent crypto sleuth ZachXBT, in collaboration with fellow investigator Tayvano, has unveiled a major security breach plaguing prominent password manager LastPass. Their joint efforts unveiled an alarming exploit that hackers have been leveraging since December 2022 to illicitly access user seed phrases and steal crypto worth millions.
LastPass Hackers Strike Again
Earlier this year, the Lead Product Manager at MetaMask, Taylor “Tay” Monahan, alarmed users of a sophisticated wallet-draining exploit that allowed hackers to steal millions of dollars unnoticed from whale wallets on MetaMask. Upon further investigation, the crypto sleuth discovered that hackers stole most of these keys from LastPass.
Updating the crypto community on her months-long investigation, Monahan confirmed that the exploit targeted an additional 100+ since she publicized the exploit in April. She pointed out that the hacker(s) continued to target large accounts only, with the average amount stolen per victim weighing in at $300k+.
While many users didn’t heed Tayvano’s initial warnings, ZachXBT took to Twitter on October 27, notifying users that hackers stole another $4.4 million from 25 victims, bringing the total tally to a staggering 80 affected crypto addresses.
Although LastPass has affirmed that it is cooperating with security experts, users need to take immediate steps to protect themselves from potential harm.
How to Stay Safe from the LastPass Hack
Numerous crypto experts have been emphatically recommending users relocate their assets away from LastPass. Tayvano, in particular, encouraged victims of the wallet drain to reach out and file reports with the Internet Crime Complaint Center.
Experts underscored the magnitude of the situation by stating that all credentials stored within LastPass might have been compromised. As a precautionary measure, they strongly advised users to transfer their assets to more secure locations.
If you’re a LastPass user, here are a few go-to security measures to keep yourself safe:
- Double-check links, websites, and emails. Refrain from clicking any link unless it’s from a verified source. If the verified source has been compromised, take up the issue with other users and look for warnings and red flags.
- Report any suspicious activity to the concerned departments as soon as possible.
- Protect your recovery phrase by keeping it somewhere private.
- Set up additional security layers, such as two-factor authentication and multi-sig.
Given the continued lack of action to address the vulnerability, exercise caution when transferring your assets from one address to another.
On the Flipside
- LastPass has suffered two major security breaches since last year.
- Most compromised LastPass seed phrases were connected to MetaMask wallets.
Why This Matters
Major exploits as such have tainted the image of the crypto sector. With such a massive attack going unsolved, crypto risks remain a fringe option unless more security measures are introduced to address the problem.
Cardano Founder Slams Corruption Allegations:
Cardano’s Hoskinson Challenges Laura Shin’s ‘Damning’ Dossier
Find out how much SBF’s Solana bags are worth today:
SBF Testifies to Buying Solana at $0.20 Using Alameda Funds