In a recent cyber attack, hackers managed to drain $12.4 million worth of Ethereum (ETH) from over 100 wallets linked to the popular password management service LastPass. The attack, which took place between December 16 and December 17, was uncovered by blockchain investigator ZachXBT.
LastPass, known for its role in securing cryptocurrency wallets, has been a target of cybercriminals before. In 2022, the company experienced two separate data breaches, leading to the unauthorized access of customer keys, API tokens, multi-factor authentication seeds, and other sensitive security information. This latest attack is a continuation of the security issues faced by LastPass users.
The stolen Ethereum was quickly converted to Bitcoin (BTC) using multiple instant exchanges, making it difficult to trace the funds. This incident has raised concerns about the security of LastPass and the potential for future attacks targeting users who may have been affected by the 2022 breaches.
In response to the attack, MetaMask developer Taylor Manohan has advised users to transfer their funds to new wallets if they have used LastPass in the past. Additionally, a white hat coalition known as Security Alliance, or SEAL ORG, has warned users that their crypto assets may be at risk if they do not take action to secure their accounts.
The ongoing security issues faced by LastPass serve as a reminder of the importance of safeguarding sensitive information in the cryptocurrency space. Users are urged to remain vigilant and take proactive measures to protect their assets from potential threats.