LastPass exploits that resulted in victims losing millions of dollars in cryptocurrencies. On October 25, 2023, approximately 25 victims lost $4.4 million as a result of the LastPass hack. It is not clear what specific exploit was used in this case; however, researchers have traced it back to a security breach.
It is also unclear whether LastPass has issued official statements regarding the exploit or taken action to address the issue. However, victims of the hack have been advised to send a direct message with the transaction hashes of the theft if they suspect that they have been affected. As of October 30, 2023, the total amount lost due to the LastPass breach was estimated at $44 million.
In December 2022, LastPass reported that an attacker had used information previously stolen in an August hack to target a LastPass employee. The hacker intercepted his credentials and decrypted the stored customer information.
A backup of encrypted customer data was also stolen, which LastPass warned could be decrypted if the attacker brute-force guessed the account master password.
In a blog post in September, cybersecurity journalist Brian Krebs reported that some of LastPass’s customer vaults appeared to have been compromised, with more than $35 million worth of cryptocurrency stolen from around 150 victims.
"I can't stress this enough: if you think you've ever stored your initial phrase or keys in LastPass, move your crypto assets immediately," ZachXBT (@zachxbt) advised on October 27, 2023.
The LastPass hack allowed unauthorized access to user accounts, resulting in large cryptocurrency losses for owners who stored wallet keys and seed phrases in the app.
The hackers specifically targeted the initial phrases and keys, stating that their primary goal was to steal cryptocurrencies.
Furthermore, there are disturbing similarities in the profiles of the victims this year.