Here are the key points from the article:
- A 2022 data breach affecting password storage software LastPass has resulted in $4.4 million in crypto being stolen from 80 wallets.
- Pseudonymous on-chain researcher ZachXBT and MetaMask developer Taylor Monahan tracked the movement of funds from compromised wallets.
- Most, if not all, of the victims were longtime LastPass users who had stored their crypto wallet keys/seeds in the software.
- LastPass disclosed in December 2022 that an attacker had used previously stolen information to target an employee, gaining access to customer information and encrypted vault data.
- There were concerns that the attacker could decrypt the encrypted vault data if they successfully guessed the account’s master password.
- Cybersecurity journalist Brian Krebs reported in September that some LastPass customer vaults had been cracked, resulting in the theft of over $35 million worth of crypto.
- LastPass is facing a class-action lawsuit claiming that the breach led to the theft of around $53,000 worth of Bitcoin.
- ZachXBT advises anyone who has ever stored a wallet seed or private key in LastPass to immediately move their crypto assets to a more secure location.