According to Cointelegraph, the infamous LastPass hackers have struck once more, targeting 40 victims and stealing $5.36 million just days before Christmas. This incident follows a significant data breach in December 2022, where hackers accessed a backup of customer vault data from encrypted storage.
As of September, the total amount of cryptocurrency stolen had surpassed $35 million. However, with the recent theft of $5.36 million and an earlier incident on October 25 involving $4.4 million, the total losses now approach $45 million. The latest attack involved converting the stolen funds into Ether (ETH) and transferring them to various instant exchanges, as reported by blockchain investigator ZachXBT. He provided on-chain evidence of these attacks on the crypto scam reporting platform Chainabuse.
The Security Alliance (SEAL), a white hat hacker team, issued a stern warning on December 16, emphasizing that private keys and seed phrases stored on LastPass before 2023 are vulnerable. They urged users to move their assets to prevent further losses. Additionally, non-crypto funds have also been targeted, with an estimated $250 million stolen in May from numerous thefts, according to blockchain sleuth 'Tay'. Both SEAL and Tay are advocating for former LastPass users to transfer their funds to safer platforms.
The recent wave of LastPass hacks coincides with an increase in scams during the Christmas season. Blockchain security firm Cyvers highlighted that 'hacker season' has arrived, advising individuals to be cautious of anything that appears overly festive, to safeguard their 2FA codes, and to avoid connecting to free WiFi. This period is notorious for scams, as festive distractions and increased transactions create opportunities for cybercriminals. Despite a 53% drop in phishing losses in November, scammers are likely seeking to recover losses during the holiday season.