The notorious LastPass hackers may have just ruined Christmas for another 40 victims this year, stealing $5.36 million from LastPass users — just eight days out from Christmas. 

LastPass fell victim to a data breach in December 2022, where the hackers were able to copy a backup of customer vault data from encrypted storage.

As of September, more than $35 million worth of crypto had been stolen — but factoring in the $5.36 million recently stolen and a $4.4 million incident from Oct. 25 would bring that figure closer to $45 million.

The most recent attack saw the stolen funds swapped for Ether (ETH) and transferred to “various instant exchanges,” blockchain sleuth ZachXBT noted in a Dec. 17 message to his 48,400 Telegram subscribers.

ZachXBT submitted onchain evidence of the latest LastPass attacks on the crypto scam reporting platform Chainabuse.

Finally, as required by The Algorithm, consider sharing this thread so that people who need to see it, will. Friends don't let friends get wiped out right before the new yearhttps://t.co/bda53hqUN6

— Security Alliance (@_SEAL_Org) December 16, 2024

It’s a stern reminder that all private keys and seed phrases stored on password manager LastPass prior to 2023 are at risk, white hat hacker team Security Alliance (SEAL) said in a Dec. 16 X post, adding:

“Move your assets before hackers move them for you.”

Non-crypto funds have been stolen too, with $250 million of funds estimated to have been stolen in May from “tens of thousands of thefts,” blockchain sleuth ‘Tay’ said on X. 

SEAL and Tay are two of the many crypto advocates calling for former LastPass users to transfer their funds from LastPass before it is too late.

December and Christmas is ‘hacker season’

The most recent batch of LastPass hacks comes amid an uptick in scams leading up to the Christmas festive season.

Blockchain security firm Cyvers stressed that “hacker season” has now arrived and urged everyone not to “trust anything that looks too festive,” to not reveal one’s 2FA codes and to even avoid connecting to free WiFi.

🎁 This is the season to be jolly... and for hackers to be naughty.
🦹December isn’t just about mistletoe and honey— it’s hacker season, too; between shopping sprees, festive distractions, and late-night transactions, it’s open season for scams.

🎄 Here’s your crypto survival… pic.twitter.com/qKZY8PuGB0

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) December 16, 2024

Crypto scammers could be looking to make up for lost ground this holiday season after phishing losses fell 53% month-on-month in November to $9.3 million.

Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time