The 2022 LastPass data breach continues to haunt users, as hackers reportedly stole over $5 million in cryptocurrency on December 16 and 17, 2024.
How the Hack Unfolded
According to blockchain investigator ZachXBT, hackers exploited stolen data from the breach to access over 40 victims' crypto accounts. The stolen funds were converted to Ethereum and then swapped for Bitcoin through instant exchanges.
ZachXBT urged users on social media to immediately migrate their crypto assets if they had stored seed phrases or private keys in LastPass.
LastPass Responds
LastPass denies a direct link between the breach and the recent thefts. Chief Secure Technology Officer Christofer Hoff stated, “We are not aware of conclusive evidence directly connecting these crypto thefts to LastPass.” The company continues to investigate and encourages researchers to share evidence.
Background on the 2022 Breach
The breach originated from a compromised developer account, granting hackers access to portions of source code and backup data stored in a third-party cloud service.
While vault data was encrypted, users with weak master passwords were advised to update their credentials to reduce risks.
Takeaway for Users
This incident highlights the importance of strong passwords and securing sensitive data outside of cloud-based storage services. If you suspect your crypto assets may be at risk, take immediate action to safeguard them.