How stolen data in 2022 LastPass breach may be making hackers rich

LastPass continues to haunt users. As per a report, hackers have now exploited stolen data to launch a new wave of attacks, resulting in the theft of $5.36 million in cryptocurrency from over 40 different crypto wallets.
According to Blockchain expert ZachXBT (via Tom’s Guide), the latest attacks stem from the data breach that occurred two years ago. The hackers have reportedly swapped the stolen cryptocurrency for Ethereum and then transferred it to various exchanges, converting it into Bitcoin.
This essentially makes it virtually impossible for victims to recover their funds. This latest incident follows previous attacks linked to the LastPass breach, which resulted in the theft of $4.7 million in cryptocurrency in 2023 and another $6.4 million in 2024.
ZachXBT highlighted that some users may have stored their cryptocurrency seed phrases or keys in LastPass, making them vulnerable to these attacks.

In a statement, LastPass' CTO and CSO Christofer Hoff said that the company has not found any definitive evidence directly connecting these thefts to the LastPass breach.
“A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents. In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass. Because we take any claims regarding the security of LastPass and our customers seriously, we continue to invite any security researchers who believe they may have evidence to contact the LastPass Threat Intelligence team at [email protected],” Hoff was quoted as saying.

LastPass suffered a major security breach in 2022 in which source code, API tokens and MFA seeds as well as keys were exposed.