Crypto Opinions & News $25M+ in crypto stolen from LastPass 'Secure Notes'

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.

cartaphilus

Level 10
Verified
Well-known
Mar 17, 2023
499

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
To each their own. But from what I understood, the problem with Lastpass is that it was a bad cloud-based password manager, not merely that it used the cloud.

How does a user knows when a cloud password manager is good or not, that is an important question.
 
  • +Reputation
Reactions: piquiteco

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Sorry, but could it be that the title is wrong?

I mean, "LastPass $25M+ stolen from 'Secure Notes'" is more than 100% likely to happen, but the article doesn't mention LastPass.
It's correct. The original article mentions the same Twitter account, before they knew it was related to LastPass' latest data breach.

See the updated tweet.
 
  • Like
Reactions: Jonny Quest

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,223
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.

The news comes from ZachXBT and MetaMask developer Taylor Monahan, who have been tracking these crypto thefts.

"We regularly have people reach out via DM who have had their crypto assets stolen. We also approach victims we discover on-chain," ZachXBT told BleepingComputer.

"We ask potential LastPass victims multiple questions and typically have found one commonality between them all being LastPass."

According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.
"The number of victims who only had the specific group of seeds/keys that were drained stored in LastPass is simply too much to ignore."

It is becoming increasingly clear that the threat actors behind the LastPass attack have successfully cracked the passwords for vaults and are using the stolen information to fuel their own attacks.

Therefore, if you are a LastPass user who had an account during the August and December 2022 breaches, it is strongly suggested that you reset all of your passwords, including your master password.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top