It has been reported that a hacker has made off with $4.4 million in cryptocurrency, in a single day, as a result of a data breach from LastPass.
The crypto thief drained at least 25 users’ wallets, bringing the total theft tally to a staggering $35 million since the breach was first identified in 2022. The most recent heist was tracked by pseudonymous on-chain researcher ZachXBT and MetaMask developer Taylor Monahan.
In a follow-up to the report, Monahan emphasized, “Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass”.
The breach reportedly impacted the password storage software, LastPass, in 2022. In December of the same year, the company disclosed that an attacker had leveraged previously stolen data to target a LastPass employee, thus managing to decrypt stored customer information.
Notably, the breach also resulted in the theft of encrypted customer vault data. LastPass warned that this data could be decrypted if the attacker successfully guessed the account’s master password.
The scale of the breach came to light in a September blog post by cybersecurity journalist Brian Krebs, who revealed that over $35 million in crypto had been stolen from approximately 150 victims.
Consequently, LastPass faced a class-action lawsuit in January from individuals claiming the August 2022 breach resulted in the theft of around $53,000 worth of Bitcoin (BTC).
Read Now: Uniswap DAO shows support for $12 Million investment in Ekubo’s future token