The toll of stolen cryptocurrency continues to rise from LastPass data breaches in 2022, with the latest hack on October 25 adding to the damage. According to estimates, at least $35 million worth of crypto assets have been stolen from LastPass users since last year.
The most recent theft appears to be linked to a breach in August 2022, when an attacker gained access to LastPass employee credentials. This allowed them to decrypt customer vault data, which contained login information and private keys.
On October 27, researchers tracked the movement of funds from 80 crypto wallets that were compromised on October 25. In total, $4.4 million in crypto was drained from victims of the breach. Many users reported having stored wallet keys or seeds in LastPass.
This comes after an estimated $35 million in crypto was stolen from around 150 LastPass users as of September. Cybersecurity journalist Brian Krebs revealed that hacked vault data was used to steal funds. There’s also an ongoing class action lawsuit related to a 2022 breach.
Experts advise anyone who has ever stored crypto keys or seeds in LastPass to immediately move their assets. The company’s data breaches continue to have ripple effects, draining millions from unsuspecting users. Proper cybersecurity measures like avoiding password reuse and enabling 2FA could help reduce risk going forward.
