Cryptoasset users whose sensitive data was leaked from the password manager LastPass in 2022 are reportedly still experiencing losses, as hackers continue to steal victims' funds.
At least $12 million in cryptoassets were stolen this week alone, according to the pseudonymous crypto sleuth ZachXBT. He shared a list of more than 100 affected addresses, mostly bitcoin (BTC) and ethereum (ETH), along with two avalanche (AVAX) addresses.
Yesterday, the cryptoasset security team from Security Alliance confirmed they identified more than 15 potential LastPass-related hacks on Tuesday.
"Move your assets before hackers move them for you," the team warned. They added that the hackers appear to have returned "just in time for Christmas."
"You, and your protocol, might be next," they cautioned, urging users not only to transfer all tokens but also to change "ownership of any contracts/multisigs."
Earlier this year, crypto security expert Taylor Monahan estimated that over $250 million had been stolen as a result of the LastPass breach.
Back then, Monahan opined that LastPass was "still in denial" and that they "still don’t fully understand their own compromise."
"Their security team at the time was not great, their new security team is better but there’s still a distinct lack of ownership in terms of preventing further loss," she said.
In 2022, LastPass confirmed that an unauthorized party accessed its third-party cloud-based storage service, which was used to store archived backups of their production data. The company stated that the attacker copied information from a backup containing basic customer account details and metadata, including company names, end-user names, billing addresses, email addresses, phone numbers, and the IP addresses used to access the service.
Additionally, a backup of customer vault data from the encrypted storage container was also copied.
Your email address will not be published. Required fields are markedmarked