LastPass Data Breach Results in $4.4 Million Crypto Loss for 25 Victims in a Single Day

Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Journalist
Journalist
Hassan Shittu
Author Categories
About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
LastPass Data Breach
Source: Pixabay

Around 25 individuals have reportedly lost $4.4 million in cryptocurrency from a total of 80 wallets, all due to the 2022 data breach that affected the password storage software LastPass.

On October 27, in a Twitter post, the on-chain sleuths ZachXBT, along with MetaMask developer Taylor Monahan, reported that they’ve tracked the movement of funds from at least 80 compromised wallets that were targeted on October 25. They also mentioned that many of the victims were long-time LastPass users who had stored their cryptocurrency wallet keys or seeds on the platform.

This security breach has been affecting LastPass since last year and continues to impact its users. In September, it was discovered that at least $35 million in cryptocurrency had been stolen from approximately 150 victims affected by the platform’s security breach that occurred in 2022.

LastPass, in its usual function, is a popular password manager designed to secure users’ login credentials. The attack on it involved unauthorized access to user accounts, with a focus on obtaining seed phrases and wallet keys used for cryptocurrency storage, indicating that they were primarily interested in exfiltrating cryptocurrencies.

LastPass Discloses 2022 Data Breach Exposing Customer Data and Source Code Theft


However, in a blog post in December 2022, LastPass disclosed that an attacker had used previously stolen information to target an employee, gaining access to their credentials and decrypting customer data. The attack on LastPass allowed the hacker to gain access to the corporate laptop of a software engineer on the platform, which provided them with the means to infiltrate the company’s system. In the process, they stole source code, confidential technical documentation, and internal system secrets.

Additionally, a backup of encrypted customer vault data was stolen, which could be decrypted if the attacker successfully guessed the account’s master password through brute force.

This initial breach enabled the hacker to extract 14 of LastPass’s 200 source code repositories. Subsequently, the hacker conducted a more extensive attack, leading to the acquisition of a copy of the LastPass customer database.

This database contained information such as unencrypted account details and associated metadata, including multi-factor authentication settings.

LastPass Faces Lawsuit After $32 Million Crypto Theft


LastPass’s CEO initially claimed that the hack had been contained and that the compromised data did not include personal user information. It was later reported in August 2023 that over 1200 BTC, valued at $32 million, had been stolen from wallets associated with LastPass users in the year following the security breach.

Earlier this year, several users reported losing significant amounts of cryptocurrency from wallets whose keys were stored on LastPass.

This incident resulted in the US District Court of Massachusetts filing a lawsuit against the company in January, alleging that it failed to protect user data adequately.

Also, in January, LastPass faced a class-action lawsuit from individuals who claimed that the August 2022 breach led to the theft of around $53,000 worth of Bitcoin, which was valued at $34,317 at the time.

In his recent post, ZachXBT advised anyone who had ever stored a wallet seed or private key in LastPass to transfer their cryptocurrency assets immediately.

More Articles

Altcoin News
Cardano Price Analysis: Is February Going to be a “Crazy Month” of ADA Gains?
Joel Frank
Joel Frank
2025-02-06 19:07:19
Blockchain News
US Crypto Regulations vs. MiCA Rules: Are Global Standards Underway?
Rachel Wolfson
Rachel Wolfson
2025-02-06 18:37:42
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors