Threat actors using private keys and passphrases from LastPass databases stolen in cyberattacks last August and December were reported by ZachXBT and MetaMask developer Taylor Monahan to have been able to exfiltrate $4.4 million worth of cryptocurrency on Oct. 25, BleepingComputer reports.
Such amount of cryptocurrency has been stolen from more than 25 victims, said ZackXBT in a tweet, which also urged organizations and individuals using LastPass to immediately migrate their cryptocurrency assets.
Meanwhile, Monahan and other researchers were reported by Brian Krebs to have attributed the earlier theft of more than $35 million to the same attackers.
"At this point, I'm also confident in saying that, in most of these cases, the compromised keys were stolen from LastPass. The number of victims who only had the specific group of seeds/keys that were drained stored in LastPass is simply too much to ignore," said Monahan in a tweet in August.
You can skip this ad in 5 seconds