Hackers targeting LastPass users have managed to steal $5.36 million, leaving 40 more victims in financial turmoil just days before Christmas.
The incident adds to the growing list of thefts linked to the December 2022 LastPass data breach, where hackers gained access to an encrypted backup of customer vault data, according to a recent report by Chainabuse.
The total amount stolen from LastPass users now nears $45 million. Prior to this latest heist, at least $35 million had been reported stolen. A separate theft on 25 October 2024 saw an additional $4.4 million swiped from user accounts.
Cybersecurity Experts Issue New Warnings
The latest attack involved the conversion of stolen funds into Ether (ETH) before being laundered through “various instant exchanges,” according to blockchain investigator ZachXBT.
On 17 December 2024, ZachXBT shared on-chain evidence of the attack with his 48,400 Telegram subscribers and submitted the findings to the crypto scam reporting platform Chainabuse.
The recent surge in thefts has prompted renewed warnings from cybersecurity experts. White-hat hacker collective Security Alliance (SEAL) stressed that all private keys and seed phrases stored on LastPass prior to 2023 are at risk.
In a December 16 message on X (formerly Twitter), SEAL warned, “Move your assets before hackers move them for you.”
⚠️ Reminder that if you ever stored your private keys or seed phrases in LastPass prior to 2023, your funds might be at risk. We’ve seen 15+ cases of potential LastPass-related hacks TODAY
Move your assets before hackers move them for you. For more information, keep reading🧵
— Security Alliance (@_SEAL_Org) December 16, 2024
The LastPass breach has not only affected crypto funds. In May, an estimated $250 million in non-crypto funds was stolen, affecting “tens of thousands” of users.
Blockchain researcher Tay also highlighted these losses in a recent social media post. Both SEAL and Tay are urging former LastPass users to transfer their funds from the platform before it’s too late.
Christmas Season Or “Hacker Season”
The latest round of LastPass-related thefts comes amid a broader rise in scams ahead of the Christmas season.
Blockchain security firm Cyvers has dubbed it “hacker season” and advised users to be cautious with holiday-themed offers and promotions. They warn against sharing two-factor authentication (2FA) codes and advise users to avoid connecting to free public Wi-Fi networks.
🎁 This is the season to be jolly… and for hackers to be naughty.
🦹December isn’t just about mistletoe and honey— it’s hacker season, too; between shopping sprees, festive distractions, and late-night transactions, it’s open season for scams.🎄 Here’s your crypto survival… pic.twitter.com/qKZY8PuGB0
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) December 16, 2024
Social media giant Meta has also issued a warning to its users, highlighting scam campaigns that include fake Christmas gift promotions, fraudulent holiday decoration sales, and counterfeit retail coupons.
The increase in cybercrime could be a bid by scammers to recoup losses after phishing attacks fell 53% in November, amounting to $9.3 million in losses.
More recently, cybersecurity firm Cado Security Labs warned that Web3 professionals are the latest victims of a sophisticated malware campaign that employs fake meeting apps to steal sensitive credentials and crypto assets.
Earlier this month, Cado’s threat research lead, Tara Gould, detailed how scammers are leveraging artificial intelligence (AI) to craft convincing websites and social media profiles that mimic legitimate companies.
The malicious app, initially called “Meeten,” has undergone several rebrands, now operating as “Meetio” and previously using domains such as Clusee.com, Cuesee, Meeten.gg, and Meetone.gg.