If you have cryptocurrency in a crypto wallet and the “seed phrase” for that wallet was stored in your LastPass vault in November of 2022, your cryptocurrency is at serious risk.
Strong evidence suggests that, of the 25 million vaults obtained in last year’s LastPass breach, many of the ones that held crypto wallet “seed phrases” have been cracked and the contents of those wallets have been stolen.
To protect your cryptocurrency, you will need to ensure that it is not in a wallet whose “seed phrase” was exposed in the November breach.
To be clear, the LastPass vaults were stolen and are being cracked offline. This means that even if you changed things in your vault after the breach, it doesn’t make any difference because the cyber criminals are working with a copy of the vault from November of 2022.
If you had a LastPass vault in November of 2022 and you haven’t yet changed your compromised passwords, you should at least change your email account password today. If someone compromises your email account, they can get into nearly any of your other accounts simply by using the “Forgot password” link and having a password reset link emailed to them.
The attackers went after cryptocurrency first. When that dries up, they may start going after other sources of money such as bank, investment, and retirement accounts. Protect yourself before it’s too late.
You can read more about this in Brian Krebs’ blog post here.
Rob's Little Corner of the Internet 