LastPass Hack Escalates as Crypto Thief Grabs $4.4M in a Day

At least 25 individuals had a total of $4.4 million in cryptocurrency drained from 80 wallets as a result of a 2022 data intrusion affecting password storage software LastPass.

ZachXBT, a pseudonymous on-chain researcher, stated in an X (Twitter) post on October 27 that he and MetaMask developer Taylor Monahan monitored the fund movements of at least 80 compromised wallets on October 25.

“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in a Chainabuse report.

LastPass disclosed in December 2022 that an attacker exploited information taken in a breach in August to target a LastPass employee, stealing their credentials and decrypting stored customer data.

The attacker also stole a backup of encrypted customer vault data, which LastPass warned could be decrypted if the attacker guessed the master password by brute force.

In a blog post published in September, cybersecurity journalist Brian Krebs reported that a number of LastPass customer vaults had been compromised, with over $35 million worth of cryptocurrency being plundered from approximately 150 victims.

Meanwhile, individuals filed a class-action lawsuit against LastPass in January, alleging that the August 2022 breach resulted in the theft of approximately $53,000 worth of Bitcoin.

In his most recent X post, ZachXBT advised anyone who has ever stored a wallet seed or private key in LastPass to promptly migrate their crypto assets.
