At least 25 individuals have reported seeing $4.4 million in cryptocurrencies taken out of 80 wallets as a result of a 2022 data breach that affected the LastPass password storage programme. At least 80 hacked wallets’ fund movements were monitored by Taylor Monahan, a developer for MetaMask, and pseudonymous on-chain researcher ZachXBT on October 25. In a report that goes along with the Chainabuse, Monahan states that the majority of the victims are either long-time LastPass users or have confirmed storing their cryptocurrency wallet keys or seeds in LastPass.
In December 2022, LastPass said that an attacker had targeted a LastPass employee, obtained their credentials, and decrypted stored client information by using information that had been previously taken in an August breach. A backup of encrypted client vault data was also taken by the attacker, and LastPass issued a warning that this data could be decrypted if the attacker used brute force to guess the master password for the account. Cybersecurity writer Brian Krebs revealed in September that approximately 150 victims had approximately $35 million worth of cryptocurrency taken from them when it appeared that part of the LastPass client vaults had been breached.
A class-action complaint was filed against LastPass in January by those who said that the August 2022 breach led to the theft of almost $53,000 worth of Bitcoin. ZachXBT suggested that anyone who had ever kept a private key or wallet seed in LastPass move their cryptocurrency holdings right away.