30s Summary

Just before Christmas, hackers stole $5.36 million from 40 LastPass users. This follows a similar heist in December 2022 where hackers accessed a customer data backup, and a $4.4 million theft in October. The total loss is close to $45 million, converted into Ether (ETH) and transferred through various instant exchanges. The white hat hacker team, Security Alliance (SEAL), has advised all LastPass users to move their assets. The phenomenon termed ‘hacker season’ sees a surge in scams during the holidays, and Meta issued a warning against scam campaigns during this period. However, phishing losses dropped by 53% in November.

Full Article

Just before Christmas, hackers got the upper hand on LastPass, robbing another 40 people of their cash. These naughty list hackers swiped $5.36 million eight days before Christmas. This isn’t the first time LastPass users got hit. In December 2022, hackers accessed a backup of customer data. So far, they’ve made off with more than $35 million in crypto. Add in the recent heist along with a $4.4 million snag back in October, and that number gets scarily close to $45 million.

The money wasn’t just sitting there either, it was changed into Ether (ETH) and moved around to different instant exchanges. This is according to ZachXBT, a blockchain detective of sorts, who has been tracking the situation, sharing info with over 48,000 people on Telegram. He even put all the evidence on Chainabuse, a platform where you can report crypto scams.

Now, if you’re wondering just how dangerous this situation is, let’s say it’s serious enough for the good hackers, a.k.a white hat hacker team Security Alliance (SEAL), to be warning folks. If you’re still using LastPass to hold your private keys and seed phrases from before 2023, you might want to think again. They have one pretty straightforward advice for everyone: “Move your assets before hackers move them for you.” The danger isn’t just for crypto holders, they’ve gotten their hands on non-crypto funds too. ‘Tay’, another blockchain detective, says that around $250 million have been stolen from thousands of users in May.

SEAL, Tay, and many others are just begging ex-LastPass users to get their assets out of LastPass while they still can.

Since it’s December, or ‘hacker season’, the surge in LastPass hacking incidents doesn’t exactly come as a surprise. Cybersecurity firm Cyvers says that scams tend to go up during the holidays, warning everyone to watch out for stuff that might seem suspiciously festive, to keep their 2FA codes private, and to stay away from free WiFi.

Such shenanigans tend to make the holiday season a prime time for cyber criminals. So much so that even Meta, the company that owns Facebook, Instagram, and WhatsApp, put out a warning of multiple scam campaigns. These scams range from fake Christmas gift box promotions to bogus holiday decoration sales and counterfeit retail coupons.

Interestingly though, in spite of the overall scam landscape, phishing losses actually dropped by 53% in November, amounting to $9.3 million. But with the holiday season in full swing, it’s safe to say that the bad guys are probably looking to bounce back.