The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing a staggering $5.36 million from LastPass users – just eight days before the holiday season.
In December 2022, LastPass fell victim to a data breach when the hackers were able to copy a backup of customer vault data from encrypted storage. This heinous act has left many LastPass users scrambling to secure their assets.
The Devastating Consequences
As of September, more than $35 million worth of crypto had been stolen, but factoring in the recent $5.36 million and a previous incident from October 25 brings that figure closer to $45 million. This is a stark reminder of the devastating consequences of the LastPass data breach.
The most recent attack saw the stolen funds swapped for Ether (ETH) and transferred to various instant exchanges, as noted by blockchain sleuth ZachXBT in a December 17 message to his 48,400 Telegram subscribers.
On-Chain Evidence
ZachXBT submitted on-chain evidence of the latest LastPass attacks on the crypto scam reporting platform Chainabuse. This evidence is a stark reminder that all private keys and seed phrases stored on password manager LastPass before 2023 are at risk.
White hat hacker team Security Alliance (SEAL) echoed this sentiment in a December 16 X post, stating: "Move your assets before hackers move them for you."
The Risks Are Real
Non-crypto funds have also been stolen, with an estimated $250 million stolen in May in tens of thousands of thefts. Blockchain sleuth Tay said on X that this is a stark reminder of the risks associated with storing sensitive information on LastPass.
SEAL and Tay are two of the many crypto advocates calling for former LastPass users to transfer their funds from LastPass before it’s too late.
December and Christmas: "Hacker Season"
The most recent batch of LastPass hacks comes amid an uptick in scams leading up to the festive season. Blockchain security firm Cyvers stressed that ‘hacker season’ has now arrived, urging everyone not to trust anything that looks too festive.
Cyvers also warned against revealing one’s 2FA codes and against connecting to free WiFi. This is a stark reminder of the importance of cybersecurity during the holiday season.
A Warning from Meta
Meta, the social media giant behind Facebook, Instagram, and WhatsApp, recently sent a warning to its users, identifying several scam campaigns that target holiday shoppers through fake Christmas gift box promotions, fraudulent holiday decoration sales, and counterfeit retail coupons.
The scammers behind these campaigns could be looking to make up for lost ground this holiday season after phishing losses fell 53% month-on-month in November to $9.3 million.
The "SEAL 911" Team
The white hat ‘SEAL’ team, which protects against crypto hacks, has surpassed 900 investigations, a testament to the growing threat of cybercrime during the holiday season.