Cyber security is constantly under threat with the rise of Darknet hackers and cyber-crime worldwide. In recent events, hackers targeted LastPass and managed to steal $4.4m worth of Crypto in one day. This hack forms part of a much larger attack that has stolen up to $35m worth of crypto assets and continues to do so. But how exactly did they get this right? Let’s take a closer look.
The Hack
On October 25, 2023, LastPass was the victim of a massive hack which left at least 25 user accounts compromised. But this wasn’t the first time LastPass has been breached. In 2022, LastPass identified a breach in which one of its employees’ credentials was stolen, giving the hackers access to stored customer data.
With this latest breach, threat actors managed to gain access to 80+ addresses. They stole keys and key phrases to crypto assets and more. ZachXBT posted on X and said, “We cannot stress this enough, if you believe you may have ever stored your seed phrases or keys in LastPass migrate your crypto assets immediately.”
What Cryptocurrencies were affected:
According to ZachXBT and Taylor Monahan, the MetaMask developer, the blockchains that were hit are Bitcoin, Ethereum, BNB, Arbitrum and Solana. The total amount of currency taken from these accounts was estimated at around $4.4 million. The funds will probably go through several rounds of washing and may be used on Darknet Markets to eventually convert them into cash.
The on-going struggle
Unfortunately, this isn’t a new experience for LastPass. While a significant amount was stolen this time, this has been an ongoing struggle for them. LastPass has repeatedly been a victim of theft over the last few years, and it hasn’t always been because their systems were compromised. According to Monahan, there are more than 150 people connected to the thefts, which add up to over $35 million worth of stolen crypto.
LastPass has also faced legal action due to the breach they had in August 2022, where approximately $53,000 in Bitcoin was stolen. This breach also led to the theft of a backup of encrypted customer vault data. If it were decrypted, the hacker would have access to customers’ personal data. In the latest breach, the list of keys stolen was diverse and included 12-24 word seeds, Ethereum presale wallet JSON files, wallet.dat files, private keys and more.
How to protect yourself against password hacks
Cybercriminals are constantly getting bolder which is all the more reason why we need to practice caution when it comes to protecting our crypto assets. Here are a few tips to protect yourself against being password hacked:
- Change your Password Regularly: Nowadays, devices and sites will warn you if your details have been in a potential leak. Change your password as soon as you see this to avoid theft.
- Make your passwords difficult: Choosing an easy password is just asking to get hacked. Ensure that your password is complicated. Use upper and lowercase letters and include numbers and special characters.
- Make long passwords: Short passwords are more likely to be guessed or figured out. The optimal length for a password should be between 8 and 12 characters.
- Use MFA: Multi-factor Authentication allows you to add multi-level security to your assets. This means to access your assets you’d need to use multiple passwords or verification methods to unlock them.
- Use a Password Manager: Password managers make saving and using multiple passwords easier, especially if you struggle to remember your passwords. Password managers generally have a robust security system to ensure your data is safe and free from risk.
Frequently Asked Questions
Well, if you haven’t had funds stolen yet then that’s a good sign. However, as ZachXBT has said, if you think you have stored your seed phrases or keys in LastPass then it would be best to migrate your assets immediately to avoid the risk of them being stolen.
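To work out which vault entries need migrating, the following added example (not from the original article or from LastPass) scans a CSV export of a password vault for the kinds of secrets listed above: seed phrases, hex private keys and Ethereum wallet JSON. The column names, the sample rows and the pattern heuristics are assumptions made for illustration.

```python
import csv
import io
import re

# Heuristic: 12/15/18/21/24 words of 3-8 lowercase letters; no wordlist check.
SEED_LENGTHS = {12, 15, 18, 21, 24}
WORD = re.compile(r"[a-z]{3,8}")
# 32-byte hex string, optional 0x prefix (also matches SHA-256 digests).
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
# Field names found in Ethereum presale ("encseed") and keystore JSON files.
JSON_MARKERS = ('"encseed"', '"ciphertext"')


def classify(text):
    """Return the kinds of wallet secret a single field appears to hold."""
    kinds = set()
    for line in text.splitlines():
        words = line.split()
        if len(words) in SEED_LENGTHS and all(WORD.fullmatch(w) for w in words):
            kinds.add("seed-phrase")
    if HEX_KEY.search(text):
        kinds.add("hex-private-key")
    if any(marker in text for marker in JSON_MARKERS):
        kinds.add("wallet-json")
    return kinds


def audit(export_csv):
    """List (entry name, kinds) for rows to migrate; never echoes the secret."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        kinds = set().union(*(classify(v) for v in row.values() if isinstance(v, str)))
        if kinds:
            findings.append((row.get("name") or "(unnamed)", sorted(kinds)))
    return findings


def sample_export():
    """Constructed sample rows, not a real vault; column names are assumed."""
    rows = [
        ["url", "username", "password", "extra", "name"],
        ["https://example.com", "alice", "Tr0ub4dor&3", "", "Example login"],
        ["", "", "", " ".join(["abandon"] * 11 + ["about"]), "Backup note"],
        ["", "", "0x" + "ab" * 32, "", "Hot wallet"],
        ["", "", "", '{"encseed": "00", "ethaddr": "00"}', "Presale"],
    ]
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()
```

Calling `audit(sample_export())` returns the three flagged entry names with their detected kinds. A real export is itself plaintext secret material, so process it offline and delete it securely afterwards.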
Currently, LastPass has employed the best cyber-security firms in the world to test and secure their sites and to help find the loopholes and close them. However, this is a process and may take some time. To make things safer, LastPass has also added MFA and encourages its users to activate it to give them an extra level of security.
Experts believe that the encrypted data stolen in the 2022 breach has now been decrypted and that this has led to the last six hacks. This is just a theory and hasn’t been proven yet by security experts.