LastPass threat actor steals $5.4M from victims just a week before Xmas

The notorious threat actors behind password manager LastPass have stolen another $5.4 million in crypto from over 40 victims.

The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing $5.36 million from LastPass users — just eight days before the holiday. 

LastPass fell victim to a data breach in December 2022, when the hackers were able to copy a backup of customer vault data from encrypted storage.

As of September, more than $35 million worth of crypto had been stolen — but factoring in the $5.36 million and a $4.4 million incident from Oct. 25 would bring that figure closer to $45 million.

The most recent attack saw the stolen funds swapped for Ether (ETH) and transferred to “various instant exchanges,” blockchain sleuth ZachXBT noted in a Dec. 17 message to his 48,400 Telegram subscribers.

ZachXBT submitted onchain evidence of the latest LastPass attacks on the crypto scam reporting platform Chainabuse.

It’s a stern reminder that all private keys and seed phrases stored on password manager LastPass before 2023 are at risk, white hat hacker team Security Alliance (SEAL) said in a Dec. 16 X post, adding:

“Move your assets before hackers move them for you.”

Non-crypto funds have been stolen too, with $250 million of funds estimated to have been stolen in May from “tens of thousands of thefts,” blockchain sleuth Tay said on X. 

SEAL and Tay are two of the many crypto advocates calling for former LastPass users to transfer their funds from LastPass before it is too late.

December and Christmas are ‘hacker season’

The most recent batch of LastPass hacks comes amid an uptick in scams leading up to the Christmas festive season.

Blockchain security firm Cyvers stressed that “hacker season” has now arrived and urged everyone not to “trust anything that looks too festive,” not to reveal their 2FA codes and even to avoid connecting to free WiFi.


Meta, the social media giant behind Facebook, Instagram and WhatsApp, also recently sent a warning to its users, identifying several scam campaigns targeting holiday shoppers from fake Christmas gift box promotions, fraudulent holiday decoration sales and counterfeit retail coupons.

Crypto scammers could be looking to make up for lost ground this holiday season after phishing losses fell 53% month-on-month in November to $9.3 million.
