Hackers siphoned a total of $4.4 million worth of crypto from at least 25 LastPass users on Oct. 25, according to blockchain analyst ZachXBT.
LastPass is a platform that stores and encrypts password information for users. Its cloud-based storage service was breached in an attack last year that involved targeting an employee and stealing their credentials.
ZachXBT and MetaMask developer Taylor Monahan have tracked at least 80 crypto wallets that have been compromised in relation to the hack.
Funds have been stolen from the Bitcoin, Ethereum, BNB, Arbitrum, Solana and Polygon blockchains, according to a list published by Monahan.
"Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately," ZachXBT wrote on X, formerly Twitter.
Cryptocurrency wallets are often targeted by hackers because a common attack vector is obtaining a private key, which gives the hacker complete access to funds. In July more than $300 million was stolen from crypto users in a string of hacks and exploits.
Cybersecurity journalist Brian Krebs reported that more than $35 million worth of crypto had been stolen in relation to the LastPass breach.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.