Coinspeaker Crypto Hack: Bad Actors Steal $5.36M in LastPass Attack
Blockchain sleuth ZachXBT has discovered the loss of over $5.36 million in crypto hacks from over 40 addresses.
As reported by The Block, the attack was allegedly perpetrated by what is identified as a “LastPass threat”. Analysts think the attack originated from a hacking incident two years ago involving the password manager service LastPass.
LastPass Suffers from 2022 Hacking Incident
In December 2022, hackers accessed confidential data on LastPass, including customer keys, API tokens, and MFA seeds.
Armed with this sensitive information from encrypted storage, the cybercriminals have orchestrated and conducted some batches of crypto thefts. One happened in October 2023 and led to the loss of $4.4 million.
In February 2024, another attack was launched, resulting in losses of over $6.2 million. As of September, all the stolen funds amounted to $35 million. Notably, the latest loss of $5.36 million brings the value closer to $45 million. It is worth noting that a sizable batch of LastPass hacks happened around the holiday season. Generally, hackers explore this period to present juicy offers to unsuspecting customers.
When it is not fake Christmas gift box promotions or fraudulent holiday decoration sales, it’s counterfeit retail coupons. According to ZachXBT’s exposition of the most recent crypto thefts, the bad actor swapped all the siphoned cryptocurrencies for Ethereum ETH $4 012 24h volatility: 1.6% Market cap: $483.51 B Vol. 24h: $45.99 B .
Once done with this, the funds were transferred to various instant exchanges, from Ethereum to Bitcoin BTC $107 200 24h volatility: 2.4% Market cap: $2.12 T Vol. 24h: $108.10 B . The blockchain analytics platform advised users to take action to avoid a recurrence.
“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote on X.
White hat organization Security Alliance (SEAL) also clarified to users that their private keys, seed phrases, and data are unsafe on LastPass. SEAL advises users to forward their assets from the platform before the hackers move them.
About $250 million worth of non-crypto funds have found their way to cyber criminals equally.
Crypto Hack Incidents on The Increase
Quite a massive amount of funds have been siphoned from the crypto market this year. XT Exchange was forced to halt withdrawal on its platform three weeks ago after it suffered a hack by malicious actors. The hackers stole approximately $1.7 million in the crypto theft.
Like in the LastPass case, the hacker successfully stole the funds and immediately exchanged them for 461.58 ETH. Hackers also exploited Dogwifhat’s X account in November to promote Solana-based tokens. This unfortunate situation raised concerns about crypto security.
The hacker accessed the X account and began promoting various meme coins to entice people to purchase several tokens. Some of the posted memecoins include Popwifnut (POPWNUT), Muu (MUU), and DogWifDoge (WIFD).
He even shared contract addresses for each token, hoping to leverage the account’s influence to drive up demand and, consequently, the price of the tokens. Given the growing presence of these hackers, crypto leaders often caution users to exercise caution.
next
Crypto Hack: Bad Actors Steal $5.36M in LastPass Attack
