Crypto Thief Ramps Up The Damage
In a bold and audacious heist, a crypto thief has taken advantage of the vulnerabilities from the LastPass breach, pilfering $4.4 million in a single day. This calamity only accentuates the ongoing catastrophe stemming from the 2022 LastPass breach, pushing the cumulative total of stolen crypto well over $35 million since its inception.
Unveiling the Details of the Heist
Details emerging from an October 27 Twitter post by pseudonymous on-chain researcher ZachXBT and MetaMask developer Taylor Monahan expose the depth of this malfeasance. They meticulously tracked the movement of funds from at least 80 compromised wallets, unveiling a trail of unauthorized transactions that led to the massive theft.
The Victims: Longtime LastPass Users
Most, if not all, of the victims caught in the crosshairs of this theft were longstanding LastPass users. A pattern of commonality among the victims is observed, where they reportedly stored their crypto wallet keys or seeds within LastPass, which became the epicenter of vulnerability.
Historical Trail of LastPass’s Vulnerability
The trajectory of chaos began in December 2022 when LastPass unveiled disturbing details of a breach. Attackers demonstrated their nefarious expertise by decrypting stored customer information, even managing to steal backups of encrypted customer vault data. A grave warning accompanied this disclosure: attackers could potentially decrypt the customer vault data through brute-force attacks on the accounts’ master passwords.
A Call for Urgent Action
An atmosphere of urgency is palpable as ZachXBT emphasizes the immediate migration of crypto assets for those who have ever stored wallet seeds or private keys in LastPass. This precautionary advisory underscores the critical nature of the situation and aims to forestall further losses in the wake of this ongoing security crisis.