As the holiday cheer spreads, so do online scams. Just before Christmas, LastPass users experienced a setback when hackers took $5.36 million in cryptocurrencies. managing digital credentials This new security breach is another chapter in the LastPass saga that started in 2022.
Blockchain investigator ZachXBT first brought the shocking news of this attack to light on his Telegram channel, revealing $5.36 million was pilfered from around 40 LastPass users. The stolen funds were then cleverly converted into Ethereum and laundered across multiple exchanges to cover the tracks.
ZachXBT highlighted that this recent theft links back to a 2022 incident where a LastPass engineer's laptop was compromised, giving attackers access to sensitive information and proprietary code.
Hacking The Holidays
In late 2022, LastPass acknowledged that intruders managed to copy encrypted vault data, including critical passwords. Despite the encryption, hackers have been attempting to bypass it.
Since the breach in 2022, cryptocurrency-related losses have swelled to over $35 million from more than 150 incidents, mainly impacting those storing seed phrases with LastPass. This recent hack increases the estimated crypto losses to $45 million.
The Security Alliance (SEAL) has sent out a cautionary note for anyone who has used LastPass before 2023, especially if cryptocurrency details were involved, identifying over 15 potential breaches just this past Monday.
As hackers relentlessly exploit vulnerabilities, users storing private keys or seed phrases on LastPass must act fast to secure their assets in a new wallet. Those utilizing advanced wallets should update their configurations away from LastPass-associated addresses.
With the online presence at its peak during the holidays, hackers find it opportune to strike at cryptocurrency users, as warned by blockchain security experts from Cyvers Alerts.
Amidst holiday preparations, people often lose focus, making them easy targets for hacking attempts, potentially leading to hefty financial damages.
For protecting assets, Cyvers suggests verifying all communications, enabling two-factor authentication, and steering clear from public Wi-Fi during sensitive operations. Staying alert to holiday-themed phishing scams is crucial.
Hijacking social media accounts of big brands and prominent personalities is increasingly common.
ADA Exploit
On December 8, hackers overtook Cardano Foundation's official X account, pushing a counterfeit token called ADAsol, and spreading misinformation about a supposed SEC lawsuit.
The perpetrators claimed that the foundation would end support for its ADA token over this fictitious lawsuit.
The deceitful posts caused trading of this scam token to reach around $500,000 before its worth crashed by 99% once the scam was debunked. The Cardano community acted quickly to inform others, clarifying there was no SEC lawsuit.
Charles Hoskinson, Cardano's founder, addressed the hack, assuring users about the system's security. The foundation has regained control over its account and is conducting a thorough probe to avert future breaches.
Mere days later, on December 14, Canadian rapper Drake's official X account got hacked. The fraudsters pushed a Solana-themed meme token named Anita, falsely associating it with Drake's tour and his ties with Stake, a gambling entity.
In their scheme, hackers falsely linked the token to Drake's upcoming Anita Max Wynn Tour for credibility.
Promotional materials, along with a contract address for the token, were posted but quickly taken down. The fraudulent scheme resulted in about $5 million trading volume before traders realized it was a scam.
Nicholas Say was born in Ann Arbor, Michigan, and has lived a diverse life, including years in Uruguay and now resides in the Far East. His writings, focusing on pragmatic advancements and future technology, can be found across the web.
