Malicious actors, known as the “LastPass threat actor,” have stolen approximately $5.36 million in cryptocurrencies. This exploit was traced back to a security breach in LastPass in December 2022, which exposed user vault data including usernames, passwords, and secure notes. Despite LastPass’ assurances that master passwords were secure, the hackers have targeted users who stored their private keys or seed phrases in their vaults.
The Security Alliance (SEAL) has reported that crypto losses linked to the breach now exceed $250 million. This incident demonstrates the risks of trusting password managers with sensitive crypto-related data and highlights the need for individuals to safeguard their assets and reduce exposure to similar vulnerabilities.
Source
Source