Hackers stole over $6.2 million in digital assets from 22 LastPass users between Feb. 19 and 20.
Blockchain investigator ZachXBT and Taylor Monahan, a developer associated with the crypto wallet MetaMask, revealed in a Feb. 21 post on social media platform X (formerly Twitter) that they meticulously tracked the movement of funds from 41 compromised wallets. These wallets comprised 21 Bitcoin and 20 Ethereum addresses, all impacted by the breach.
Monahan highlighted that the stolen assets encompassed various cryptocurrencies such as Cardano, Polygon, Dogecoin, and Wrapped Bitcoin, predominantly on the Ethereum virtual machine (EVM) chains. These were swiftly converted and transferred to Bitcoin.
Consequently, she urged affected individuals to report the incident to the US Internet Crime Complaint Center (IC3). Additionally, she advised LastPass users to promptly rotate their keys to curtail further losses from the security breach.
Last year, ZachXBT and Monahan disclosed that the attackers had stolen over $4 million in digital assets from LastPass users on Oct. 25. At the time, ZachXBT issued a strong recommendation for LastPass users who had ever stored their seed phrases or keys on the platform to transfer their crypto holdings promptly.
LastPass hack
In December 2022, LastPass, a platform trusted for storing and encrypting user passwords, fell victim to a breach that compromised its cloud-based storage service.
The attack allowed malicious actors to access its platform and copy a backup of its customer vault data, containing sensitive information such as website logins, secure notes, and form data.
Following the breach, cybercriminals began targetting crypto users whose seed phrases might have been stored on the platform. Cybersecurity expert Brian Krebs reported that the breach has resulted in the theft of over $35 million in digital assets from 150 victims.