Security Alliance (SEAL) warns users to transfer crypto funds from LastPass if private keys were stored before December 2022, as hackers steal $5.36M just before Christmas. Stay safe this holiday season!
,

Everything You Need to Know about Lastpass Data Breach

White hat cybersecurity group Security Alliance (SEAL) has issued a strong warning for crypto users to move their funds if their private keys or seed phrases have been stored on LastPass since December 2022 or earlier.

The notorious LastPass hackers have reportedly stolen $5.36 million from 40 victims just days before Christmas, further highlighting the dangers of the 2022 data breach.

Latest Crypto Theft Exposed

Blockchain investigator ZachXBT revealed on-chain evidence of the latest attacks on the crypto scam reporting platform Chainabuse. The attackers swapped the stolen funds for Ether (ETH) and transferred them to various instant exchanges, as ZachXBT detailed to his 48,400 Telegram followers on Dec. 17.

The theft adds to the already staggering losses caused by the December 2022 LastPass breach, bringing the total stolen crypto to an estimated $45 million. SEAL emphasized the urgency of the situation, stating in a Dec. 16 X post:

“Move your assets before hackers move them for you.”

LastPass Breach and Ongoing Risks

In December 2022, LastPass suffered a significant data breach when hackers accessed encrypted customer vault backups. Since then, private keys and seed phrases stored before 2023 remain at risk, allowing attackers to drain wallets.

In a previous report, blockchain researcher Tay noted that non-crypto losses are also substantial, with $250 million stolen from tens of thousands of victims in May 2023 alone.

SEAL, Tay, and other crypto advocates are urging all former LastPass users to act immediately by transferring their funds to secure wallets to prevent further thefts.

Crypto Scams – December Edition

The latest wave of LastPass-related attacks coincides with an overall increase in online scams targeting Christmas shoppers and crypto users. Blockchain security firm Cyvers warned that the holiday season is prime time for scammers, cautioning users:

  • Avoid deals that look “too festive” or too good to be true.
  • Never share two-factor authentication (2FA) codes.
  • Refrain from connecting to free public WiFi.

Meanwhile, tech giant Meta—the parent company of Facebook, Instagram, and WhatsApp—recently issued a warning to users about fraudulent holiday campaigns. These include fake Christmas gift promotions, counterfeit holiday decorations, and misleading retail coupons designed to steal sensitive information.

Crypto Scammers on the Rise After Declines

Despite phishing losses dropping 53% month-over-month in November to $9.3 million, cybercriminals appear determined to “make up for lost ground” during the holiday season, capitalizing on increased transactions and festive spending.

Key Takeaways for Crypto Users

  1. Move crypto funds immediately if private keys were stored on LastPass before December 2022.
  2. Stay cautious during the holiday season as scams surge.
  3. Use hardware wallets or other secure alternatives to store sensitive data and funds.
  4. Avoid connecting to unsecured networks and sharing critical security information.

The message is clear: with hackers actively targeting vulnerable users, immediate action is essential to prevent further losses during this critical period.

Related Posts