An anonymous LastPass user has filed a lawsuit seeking damages after losing $200,000 in Ethereum due to a 2022 security breach. The plaintiff claims LastPass failed to notify him about the hack, which exposed his seed phrase stored on the platform.
The hackers used the compromised seed phrase to regenerate the victim’s Ethereum wallet and withdraw all funds.
LastPass experienced a significant data breach in late 2022, which led to $4.4 million being stolen from 25 users in 2023. This case marks one of the first legal actions stemming from that incident.
The lawsuit, filed in Washington state by a San Diego-based consumer law firm, keeps the victim’s identity confidential. It alleges that LastPass did not inform the user of the breach, enabling the theft.
However, experts note that storing seed phrases online is highly risky, as they cannot be changed once created. Notification delays may not have prevented the loss since the victim could have moved funds only by acting quickly after being informed.
Despite the ongoing fallout, LastPass remains operational. The company may pursue a settlement to avoid prolonged litigation.
Note: Readers are encouraged to verify information independently and consult professionals before making decisions based on this report.