A threat actor has stolen over $5 million in cryptocurrency from 40 individuals, exploiting vulnerabilities connected to LastPass, a popular password management service. The attack, reported by ZachXBT, underscores growing concerns about the security of password storage tools and their integration with cryptocurrency wallets.
According to recent reports, the attacker targeted users who stored private keys and seed phrases for crypto wallets within LastPass. This breach enabled the perpetrator to siphon significant funds from victims’ wallets, with losses estimated at over $5 million.
On-chain analysts and cybersecurity specialists have traced the stolen funds to wallets controlled by a single threat actor. Blockchain data reveals that the hacker used sophisticated tools to drain victims’ funds, targeting wallets linked to LastPass-stored keys. Analysts note that affected users appear to have been targeted specifically, suggesting the attacker had access to decrypted vaults or keys obtained from LastPass' compromised systems.
The breach has highlighted an ongoing risk for crypto holders who store wallet credentials and sensitive information on centralized password managers. Experts warn that once attackers gain access to a password manager, cracking even encrypted files becomes possible through brute-force methods, especially if weaker master passwords are used.
The incident has reignited debates about the security of password managers and their role in protecting digital assets. While LastPass itself has not commented on this specific theft, security experts are advising crypto users to avoid storing seed phrases and private keys on centralized platforms. Instead, they recommend offline or hardware-based solutions, such as cold storage wallets, for managing critical credentials.
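One way to act on that advice, as an added example that is not part of the original report: a Python audit of a password-manager CSV export that flags entries shaped like seed phrases or raw private keys so they can be moved offline. The column names (`name`, `password`, `extra`) and the sample rows are assumptions constructed for illustration; the word counts and word lengths follow BIP-39, and a match is a lead to review, not proof.

```python
import csv
import io
import re

# BIP-39 mnemonics have 12, 15, 18, 21 or 24 words, each 3-8 lowercase letters.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
WORD_RE = re.compile(r"^[a-z]{3,8}$")
# A 256-bit key written as 64 hex digits, optionally 0x-prefixed.
# This also matches SHA-256 digests, so every hit needs a manual look.
HEX_KEY_RE = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")


def looks_like_mnemonic(text):
    """True if any single line, or the whole field, has the shape of a seed phrase."""
    for chunk in text.splitlines() + [text]:
        words = chunk.replace(",", " ").split()
        if len(words) in MNEMONIC_LENGTHS and all(WORD_RE.match(w) for w in words):
            return True
    return False


def audit_export(csv_text):
    """Return (entry name, field, finding) tuples; the secret itself is never returned."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in ("password", "extra"):  # assumed column names
            value = row.get(field) or ""
            if looks_like_mnemonic(value):
                findings.append((row.get("name", ""), field, "seed-phrase shape"))
            elif HEX_KEY_RE.search(value):
                findings.append((row.get("name", ""), field, "64-hex private-key shape"))
    return findings


# Constructed sample export: the mnemonic is the public all-"abandon" test
# phrase and the hex key is a repeated filler pattern, not a real key.
SAMPLE_EXPORT = (
    "name,username,password,extra\n"
    "Webmail,alice@example.com,correct-horse-42,\n"
    'Wallet backup,,,"' + " ".join(["abandon"] * 11 + ["about"]) + '"\n'
    "Hot wallet,,0x" + "ab" * 32 + ",imported key\n"
    "Forum,alice,hunter2hunter2,recovery question: first pet\n"
)

if __name__ == "__main__":
    for name, field, finding in audit_export(SAMPLE_EXPORT):
        print(f"{name!r}: field {field!r} has {finding}")
```

Run it against a local export only, and delete the export afterwards, since the CSV itself is an unencrypted copy of the vault.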
For victims, the recovery of stolen funds remains unlikely, as blockchain transactions are irreversible once executed. The attacker has already begun transferring funds through mixers and obfuscation tools to conceal their tracks, complicating investigations.