Crypto Theft Alert

An estimated $5.36 million was stolen in crypto from over 40 wallet addresses in a recent exploit attributed to the LastPass threat actor, according to blockchain investigator ZachXBT.

> “Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT noted in a message on Telegram.

The security breach is believed to have originated from 2022 hacking incidents involving the password manager service LastPass. During these breaches, attackers stole significant amounts of sensitive data including customer keys, API tokens, and MFA seeds.

This theft led to two notable cryptocurrency hacks, which ZachXBT identified: one in October 2023, resulting in the theft of $4.4 million, and another in February 2023, resulting in losses exceeding $6.2 million.

> “Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately,” ZachXBT warned in a post on X last year.