LastPass Breached: Hackers Siphon $4.4 Million in Crypto

Hackers continue to exploit prominent password manager despite sleuths alerting users to a massive vulnerability.

  • A massive wallet-draining exploit continues to strike victims. 
  • Hackers managed to steal over $4.4 million from users storing their seed phrases on LastPass. 
  • Read how you can protect yourself from potential harm. 

Prominent crypto sleuth ZachXBT, in collaboration with fellow investigator Tayvano, has revealed a major security breach plaguing password manager LastPass. Their joint efforts uncovered an alarming exploit that hackers have been leveraging since December 2022 to illicitly access user seed phrases and steal crypto worth millions.

LastPass Hackers Strike Again

Earlier this year, the Lead Product Manager at MetaMask, Taylor “Tay” Monahan, alerted users to a sophisticated wallet-draining exploit that allowed hackers to steal millions of dollars unnoticed from whale wallets on MetaMask. Upon further investigation, the crypto sleuth discovered that hackers stole most of these keys from LastPass.

Updating the crypto community on her months-long investigation, Monahan confirmed that the exploit targeted an additional 100+ since she publicized the exploit in April. She pointed out that the hacker(s) continued to target large accounts only, with the average amount stolen per victim weighing in at $300k+.


While many users didn’t heed Tayvano’s initial warnings, ZachXBT took to Twitter on October 27, notifying users that hackers stole another $4.4 million from 25 victims, bringing the total tally to a staggering 80 affected crypto addresses.

Although LastPass has affirmed that it is cooperating with security experts, users need to take immediate steps to protect themselves from potential harm.

How to Stay Safe from the LastPass Hack

Numerous crypto experts have been emphatically recommending users relocate their assets away from LastPass. Tayvano, in particular, encouraged victims of the wallet drain to reach out and file reports with the Internet Crime Complaint Center.

Experts underscored the magnitude of the situation by stating that all credentials stored within LastPass might have been compromised. As a precautionary measure, they strongly advised users to transfer their assets to more secure locations.

If you’re a LastPass user, here are a few go-to security measures to keep yourself safe: 

  • Double-check links, websites, and emails. Refrain from clicking any link unless it’s from a verified source. If the verified source has been compromised, take up the issue with other users and look for warnings and red flags. 
  • Report any suspicious activity to the concerned departments as soon as possible. 
  • Protect your recovery phrase by keeping it somewhere private. 
  • Set up additional security layers, such as two-factor authentication and multi-sig. 

Given the continued lack of action to address the vulnerability, exercise caution when transferring your assets from one address to another.

On the Flipside

  • LastPass has suffered two major security breaches since last year.
  • Most compromised LastPass seed phrases were connected to MetaMask wallets.  

Why This Matters

Major exploits such as this have tainted the image of the crypto sector. With such a massive attack going unsolved, crypto risks remaining a fringe option unless more security measures are introduced to address the problem.


This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Insha Zia

Insha Zia is a senior journalist at DailyCoin covering crypto developments, especially in the Cardano ecosystem. With a Bachelor of Science in Computer Systems Engineering, he delivers high-quality articles with his technical background and expertise in data analysis and programming languages, aiming to educate and inform readers accurately, transparently, and engagingly. Insha believes education can drive mass adoption of the crypto space, and he is committed to giving DailyCoin readers a better understanding of the technology.