More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • LemmyFeed@lemmy.world
    ↑ 81 ↓ 5 · 1 year ago

    These guys saved their seed phrases to LastPass, not just account passwords. You can’t just change your seeds without moving funds to a new wallet.

    The main lesson here is never store your seeds in digital form, ever. Write it down by hand on paper at creation and then take additional efforts to safeguard it.

    • DrRatso@lemmy.ml
      ↑ 9 · 1 year ago

      I just store recovery phrases of all kinds on an encrypted USB stick (which is obviously only connected to my PC when I need to put a new one in or use it (which so far has happened never)), I feel like that is secure enough for me, although if I could laminate at home I might print and make small cards in a separate card wallet. Any other way I feel like I would eventually lose them, the particular USB drive I've had for over 15 years, it is 512 MB lol.

      • pedro@lemm.ee
        ↑ 36 · 1 year ago

        USB sticks are not very reliable and can become totally unreadable randomly. I hope you at least have a few backups of it.

        • douglasg14b@lemmy.world
          ↑ 16 ↓ 1 · edited · 1 year ago

          Yeah, they are horribly unreliable.

          I got myself 5 sticks, put the same data on all 5.

          1st was dead within a month. 2nd & 3rd both dead in 4m, 4th dead in 6m. The 5th is still alive 3 years later.

          It’s a shit lottery, don’t play it, modern flash drives are absolutely garbage. Yet I still have a whole pile of 1, 2, 4 GB flash drives from over a decade ago and they all still work.

          • jarfil@lemmy.world
            ↑ 3 · 1 year ago

            Old flash drives used to be all SLC.

            Newer ones use the cheapest tech for the same capacity, with QLC being about 16 times less reliable than SLC.

        • Aux@lemmy.world
          ↑ 1 ↓ 2 · 1 year ago

          USB sticks can be very different. I would recommend using a small M.2 SSD in a stick enclosure.

      • hihellobyeoh@lemmy.world
        ↑ 2 · 1 year ago

        I would duplicate to at least 2 sticks, and also a written form that you keep stored with important documents, like a safe with your SSN, birth certificate, etc.

      • deafboy@lemmy.world
        ↑ 1 · 1 year ago

        For any significant amount of money, the seed should never even touch a PC. No USBs, no printers.

    • aesthelete@lemmy.world
      ↑ 5 · edited · 1 year ago

      I wrote my seed information down for my poop coin wallet directly on Charmin double ply and then promptly wiped my ass with it and flushed.

      All my apes gone!

      • CryptoRoberto
        ↑ 2 · 1 year ago

        Shit coin is far superior to poop coin. All the apes have shit coin. You never lose the password to shit coin, there’s always more shit coin passwords.

    • lustrum
      ↑ 1 · 1 year ago

      How were the wallets cracked? Cracked the master password?