Hackers have used data stolen in the 2022 LastPass hack to launch a series of new attacks on users of the famous password manager.
Back in 2022, LastPass fell victim to multiple hacks in which source code, keys, API tokens, and MFA seeds were stolen from customers. With this valuable data in hand, hackers proceeded to launch a series of attacks in which they tried to steal users’ crypto. Up until then, LastPass was highly recommended as one of the best and most reliable password managers.
In October 2023, $4.7 million in cryptocurrency was stolen, and then in February 2024, another $6.4 million in digital currencies was taken from the accounts of LastPass users.
According to a report from The Block, hackers with LastPass data have stolen another $5.36 million from more than 40 crypto wallet addresses of users. This was discovered by ZachXBT, a blockchain expert who posted on Telegram that these new attacks are just the latest fallout from what took place two years ago.
In his post, ZachXBT explains that after this $5.36 million in crypto was stolen, the hackers then swapped these funds for Ethereum and proceeded to transfer them to various instant exchanges while converting them into Bitcoin.
Unfortunately, with cryptocurrency, there’s really nothing at all victims can do to recover these stolen funds. This is why it’s recommended that you use a hardware wallet to store your crypto instead of a digital one or, worse, keeping your crypto on an exchange where you don’t control the private keys.
If you find out you have been hacked, you need to take immediate action to avoid getting caught up in the fallout. This means regularly changing passwords and potentially placing a fraud alert or credit freeze on your financial accounts if they are at risk.
When it comes to LastPass, you need to change your master password, which allows access to the vault containing all other passwords and the data stored with the service.