Crypto Hack: Bad Actors Steal $5.36M in LastPass Attack

by

As a seasoned crypto investor with a few battle scars to show for it, I can’t help but feel a mix of dismay and resignation when I read about yet another large-scale hack. The LastPass incident is just the latest in a long line of breaches that have plagued our digital financial landscape.

Investigator ZachXBT has uncovered that more than $5.36 million in cryptocurrency was stolen through hacking incidents involving over 40 different digital wallets.

According to The Block’s report, it’s suspected that an assault was carried out, which has been linked to a security breach known as a “LastPass threat”. Experts believe this attack could stem from a hacking incident that occurred two years ago on the password management service LastPass.

LastPass Suffers from 2022 Hacking Incident 

As a researcher, I was dismayed to discover that in December 2022, my own investigations unveiled a breach at LastPass. This incident granted unauthorized access to sensitive data, such as customer keys, API tokens, and multi-factor authentication seeds.

Equipped with confidential data retrieved from an encrypted source, cybercriminals have masterminded and executed several instances of cryptocurrency heists. One such incident occurred in October 2023, resulting in a $4.4 million shortfall.

In February 2024, another cyber attack occurred, leading to losses exceeding $6.2 million. As of now, the total amount stolen has reached $35 million. Importantly, this latest loss of approximately $5.36 million brings the total closer to $45 million. 

When not dealing with false Christmas presents or misleading holiday merchandise sales, it’s about counterfeit retail discount vouchers, as ZachXBT explains in his recent expose on cryptocurrency theft. The culprit behind the stolen digital assets exchanged them all for Ethereum (ETH) worth $4,011. In a 24-hour period, Ethereum demonstrated a volatility of 1.6%, having a market cap of $482.71 billion and a 24-hour trading volume of $44.90 billion.

After completing the task, the funds were moved across several instant cryptocurrency exchanges, from Ethereum to Bitcoin.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote on X.

The trusted organization Security Alliance (SEAL) has explained to its users that their personal keys, recovery phrases, and information are not secure on LastPass. SEAL recommends users to transfer their assets off the platform before potential hackers can do so.

About $250 million worth of non-crypto funds have found their way to cyber criminals equally. 

Crypto Hack Incidents on The Increase 

A substantial amount of money has been drained from the cryptocurrency market this year. Just three weeks ago, XT Exchange had to temporarily stop withdrawals due to a hack that occurred on its platform. This hack was orchestrated by malicious individuals who made off with around $1.7 million in stolen cryptocurrencies.

In a similar incident involving LastPass, the hacker managed to steal funds and swiftly converted them into 461.58 ETH. Similarly, hackers exploited Dogwifhat’s account in November to push Solana-based tokens, an event that has raised concerns about the security of cryptocurrencies.

A cyber intruder gained access to account X and started sharing different meme cryptocurrencies with an aim to persuade people into buying multiple tokens. Some of the shared memecoins were Popwifnut (Popwifnut), Muu (Muu), and DogWifDoge (DogWifDoge).

I openly disclosed the contract addresses for every token I invested in, hoping that my reputation would boost the demand and subsequently the prices. However, with the increasing number of hackers in the crypto world, it’s essential to remain vigilant and cautious when making investment decisions.

Read More

2024-12-17 14:16