LastPass hack drains $4.4m in one day

The LastPass hack claimed 25 victims on Oct. 25th, draining $4.4 million from several crypto wallets.

The LastPass hack from earlier this year continues to incur significant losses for its users. On Oct. 25, around $4.4 million was drained from over 25 victims due to a vulnerability exploit in the LastPass password management system.

Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.

Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb

— ZachXBT (@zachxbt) October 27, 2023

The LastPass hack involved unauthorized access to user accounts, leading to significant financial losses for crypto owners who stored their wallet keys in the application. The cybercriminals behind the attack appear to have specifically targeted seed phrases and wallet keys, as crypto exfiltration seems to be their primary goal. 

There’s also a concerning similarity between the victim profiles affected so far this year. They are users deeply integrated into the crypto ecosystem, such as employees of crypto firms, VCs, DeFi protocol developers and smart contract developers, among others. 

What is the LastPass Hack?

LastPass is a widely used password manager designed to keep users’ login credentials secure. A ‘LastPass Hack’ refers to a security breach in this system where unauthorized individuals gain access to sensitive information stored within a user’s LastPass account. 

Earlier this year, several users reported losing large sums from their crypto wallets, the keys to which were stored on LastPass.

The US District Court of Massachusetts also filed a lawsuit against the company for failing to protect user data in January.