An estimated $5.36 million was stolen in crypto from over 40 wallet addresses in the latest exploit from attackers identified as the “LastPass threat actor,” according to blockchain sleuth ZachXBT.

“Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote in his Telegram group message.

The security breach is said to have originated from the 2022 hacking incidents in the password manager service LastPass. In these incidents, attackers stole vast amounts of data, including customer keys, API tokens and MFA seeds.

This theft of sensitive customer data from LastPass had already led to two batches of cryptocurrency hacks, which ZachXBT identified—one in October 2023, which stole $4.4 million and another in February this year, which resulted in losses of over $6.2 million.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote in an X post last year.

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。