
Crypto theft of $5.36m may have ties to LastPass breach

  • Hackers have reportedly made off with $5.36 million stolen from 40 cryptocurrency wallets.
  • The wallets’ credentials appear to have been gleaned from a LastPass breach in 2022.
  • Hackers may have forced their way into these accounts leveraging previously compromised credentials rather than lifting them from LastPass itself.

Two years ago, in 2022, LastPass was breached twice. The second of those breaches happened in December, and while the password manager claimed that no user data was compromised, that didn’t stop data from becoming compromised.

While LastPass’ protections may have obfuscated user data from hackers, users are bad at password security, and so hackers managed to breach a user’s password vault by forcing their way in.

Now it is being reported that hackers have managed to breach cryptocurrency wallets, allegedly using data they gleaned from the 2022 LastPass breach. As much as $5.36 million was stolen from 40 wallets, according to a report from TechRadar. The news comes from a blockchain expert known as ZachXBT, who claims that a long line of crypto robberies is linked to the aforementioned LastPass breach, including the latest theft of $5 million.

“Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” the blockchain expert wrote on Telegram. “Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately.”

This incident highlights the dangers of recycling passwords, especially passwords that protect your password manager. While we absolutely recommend using a password manager, the security of this solution is brought into question when folks use passwords that have been compromised before.

Cybercriminals will often use passwords compromised in other, low-level breaches in a bid to break into other accounts because they know that people reuse and recycle their credentials. That website you signed up for when you were 18 that was compromised five years ago may not seem like a big deal, but it adds data to a growing pile that hackers and other cybercriminals use frequently.

We highly recommend that you spend a day or two this festive season conducting an audit of your online profiles and their passwords. Change passwords, enable multi-factor authentication and consider purchasing a password manager subscription for yourself. Just maybe make LastPass your last option.

While it has been two years since the breach, it’s clear that hackers aren’t done with the company and the information they gleaned.
