According to ZachXBT, an anonymous on-chain researcher, about 25 cryptocurrency users using the popular password manager LastPass had digital assets worth more than $4 million stolen on October 25.
LastPass announced in December 2022 that customer data was decrypted by an attacker who used stolen information to acquire the login credentials of a LastPass employee.
At the time, LastPass said hackers copied backups of customer vault data. This includes information about website usernames and passwords, security notes, and form-fill data. Since then, scammers have drained the wallets of cryptocurrency users who stored important information on the LastPass platform. Reports estimate more than $35 million has been stolen from more than 150 victims since December.
In light of this, several cryptocurrency security experts have advised LastPass users on how to minimize further losses from this event. One of them is that if you ever store a wallet seed or private key in LastPass, move your crypto assets to other secure wallets immediately.
LastPass recommends that users should not use the same password for multiple wallets and regularly change website passwords to increase security.