$4.4M in cryptocurrency stolen using data from the LastPass breach. LastPass users affected in 2022 should reset their passwords now.
On October 25th, hackers stole $4.4 million in cryptocurrency using private keys and passphrases stored in stolen LastPass databases. According to crypto fraud researchers ZachXBT and Taylor Monahan of MetaMask, many of the victims were LastPass users.
ZachXBT disclosed, “We regularly have people reach out... who have had their crypto assets stolen. We also approach victims we discover on-chain.” The victims shared a common trait: they used LastPass, which exposed their assets.
Revealing a staggering theft, ZachXBT stated, “Just on October 25, 2023, another ~$4.4M was drained from 25+ victims due to the LastPass hack. Migrating crypto assets stored in LastPass is crucial.”
The chainabuse.com report outlines 80+ compromised addresses and 25+ distinct victims affected by this breach, signaling a larger case extending back to December 2022.
Reported addresses, such as bc1q6xf6aw976n58hpqnt4vwl0wcem2qmz2fwhdaqg and 0xc4fbae383f21779cbfe3c4b1df75bbad1dc904d0, were among the many compromised, leading to a cumulative theft of $4.4 million.
LastPass suffered two breaches in 2022, which allowed threat actors to steal source code, customer data, and encrypted password vaults. CEO Karim Toubba gave assurances that vaults protected by a master password were safe, but users with weaker master passwords needed to reset them.
LastPass advised, “Depending on the length and complexity... you may want to reset your master password” due to the vulnerability of weaker passwords.
Research by Monahan and ZachXBT showed that threat actors have been cracking the stolen password vaults to extract cryptocurrency wallet credentials and keys. That access allowed them to drain victims' wallets.
Brian Krebs reported findings of more than $35 million in thefts, supporting Monahan’s position that the compromised keys were predominantly stored in LastPass. It is evident that threat actors have broken into LastPass vaults, leading to the ongoing spate of thefts.
Anyone who was a LastPass user at the time of the 2022 breaches is strongly advised to reset passwords immediately. Resetting all associated passwords, especially those protecting cryptocurrency keys, is crucial in mitigating the risk.
Stay vigilant and take precautionary steps if your LastPass account dates back to the 2022 breaches. The crucial step is to secure all passwords to safeguard against potential theft and further breaches.