For those that store your information on an online manager

[_act_]

It is no more new but more losses are always linked to LassPass which was an online password manager. Before the stolen of more information that the hackers are using to steal from people, we warned people but they did not listen. LassPass issue has started since 2021 or 2022 until hackers were able to have full access to people's information and using it to steal from them.

Millions of dollars stolen has been linked to LassPass hack but another one has been linked to it by crypto investigator ZachXBT again now.

The January 2024 theft of 283 million XRP from Ripple co-founder Chris Larsen’s personal accounts has been linked to a password manager breach, according to a forfeiture complaint filed by US law enforcement revealed by crypto investigator ZachXBT.

The investigator shared a screenshot of the forfeiture complaint in his Telegram channel on March 7, claiming the theft “was the result of storing private keys in LastPass (password manager which was hacked in 2022). Up to this point, Chris Larsen had not publicly disclosed the cause of the theft.”

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

[PX-Z]

I've been considering lastpass before to use as my password manager but i didn't do it, idk, it's just that i don't feel like using password manager even today. But saving your private keys to something like password manager is big no-no. It's worse than saving password to Google drive. Password managers are one of to-do list of hackers to get access to when all passwords located in  a single place It's not only for thousands of users but maybe hundred of thousands of users accounts connected to it, possible emails are saved there too so it will be easy for hackers to access those accounts, unfortunately.

[_act_]

It's worse than saving password to Google drive.

I do not know which one is the worst but I see them all as the same unless it is offline. Only offline savings of information like that I can consider safe and secure.

[bitmover]

It is no more new but more losses are always linked to LassPass which was an online password manager. Before the stolen of more information that the hackers are using to steal from people, we warned people but they did not listen. LassPass issue has started since 2021 or 2022 until hackers were able to have full access to people's information and using it to steal from them.

Millions of dollars stolen has been linked to LassPass hack but another one has been linked to it by crypto investigator ZachXBT again now.

The January 2024 theft of 283 million XRP from Ripple co-founder Chris Larsen’s personal accounts has been linked to a password manager breach, according to a forfeiture complaint filed by US law enforcement revealed by crypto investigator ZachXBT.

The investigator shared a screenshot of the forfeiture complaint in his Telegram channel on March 7, claiming the theft “was the result of storing private keys in LastPass (password manager which was hacked in 2022). Up to this point, Chris Larsen had not publicly disclosed the cause of the theft.”

How did he let it happen?

It is not that hard to store your seeds offline, specially when we are talking about millions of dollars...

I am impressed by how those big whales in crypto can be so naive and make so big mistakes..

[Rruchi man]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

The thing is that these people trust too much, and then they end up being bitten by it. Some of these companies have and show a high level of organization that people could easily get lured into trusting them. Experience will tell you that it is a wrong choice to trust so much, but because some of these people lack experience, they never know or do not take it seriously when they are told about the danger.

[Z-tight]

Passwords should be stored in recommended password managers, but seed phrase or private keys should never be stored in any password manager. It is not so hard to back up your seed phrase offline, buy a stainless steel and engrave your seed words on it yourself, that is very safe.

[TryNinja]

I've been considering lastpass before to use as my password manager but i didn't do it, idk, it's just that i don't feel like using password manager even today.

Don't. According to grok, Lastpass had a data breach in 2015, another in august 2022, and a third one in november of that same year. Yes, that's not exclusive to them, but still... not sure why anyone would still use them.

I've used Bitwarden for quite some time with a very strong password and 2FA, that's probably safer while not 100% bullet proof as a airgapped fully offline solution. Still, convenience has a price and I'm ok with that.

Also, you can self host your bitwarden vault for maximum control. But yeah, only keep password there, not private-keys worth $150 million usd.

[TomPluz]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dollar worth of coin on an online manager.

This is showing us that some form of stupidity is present in all of us...and it does not matter if you are very much involved with cryptocurrency and you have years of experience in the industry. Well, am guilty on this point from time to time...but if I have millions worth of digital assets I would think hard whether to trust an online password manager like LatPass. Years ago I was using LastPass but I stopped it since I am aware of the possible risks involved even if I was not yet into the industry at that time. Security is always of paramount concern whether you got millions at stake or just hundreds...as it would be difficult to make money these days.

[bitterguy28]

I've been considering lastpass before to use as my password manager but i didn't do it, idk, it's just that i don't feel like using password manager even today. But saving your private keys to something like password manager is big no-no. It's worse than saving password to Google drive. Password managers are one of to-do list of hackers to get access to when all passwords located in  a single place It's not only for thousands of users but maybe hundred of thousands of users accounts connected to it, possible emails are saved there too so it will be easy for hackers to access those accounts, unfortunately.

it can be quite risky because even without hackers, the platform may experience some difficulties on their own and might leak the passwords stored in them so we never really know just how much secure they are even if they have been very efficient in storing passwords you never know what can happen in one day just like what happened with bybit wherein they were reliable until they were vulnerable enough

[robelneo]

I am impressed by how those big whales in crypto can be so naive and make so big mistakes..

Its been said thousands of times before that we are our own bank when it comes to investing in cryptocurrency, and part of securing is knowing where to place our seeds and what tools to use to secure our coins.
Password manager is never a place to store your private keys. If you do not understand how hackers work and their primary targets are password managers, then you are going to be in trouble.

[ZAINmalik75]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

Your curiosity is real because what is the meaning of using a non custodial wallet if we have to lock it using an online password manager that can have loopholes in it and hackers could access the wallet once they hack the password manager, some managers are so hard to break in that with few wrong attempts it would delete all the data within.

These hackers are smart they know who they should target for their hacking because how one can know for sure if a person is using an online manager to store their passwords while they should be either memorizing it or writing it down somewhere more save.

[Z-tight]

because how one can know for sure if a person is using an online manager to store their passwords while they should be either memorizing it or writing it down somewhere more save.

We are not talking about passwords here, but seed phrase or private keys, there is nothing wrong in storing passwords in a password manager, what is wrong is storing sensitive data in it. The best way to back up a seed phrase is offline, engraving it in a stainless steel or writing it down on paper.

[yhiaali3]

I have never believed in password managers on my computer or mobile, so I never store my passwords using a password manager.

Sometimes I store some passwords for some unimportant websites on my Chrome password manager and it has already been hacked, fortunately the passwords stored there are unimportant.

I wonder how someone can store passwords for their accounts worth millions of dollars on a password manager or cloud or something like that, this is very dangerous.

[Z-tight]

I wonder how someone can store passwords for their accounts worth millions of dollars on a password manager or cloud or something like that, this is very dangerous.

The person in this case didn't just store passwords in a password manager, they stored their private keys in a password manager, which is crazy when you think about it. The password manager was hacked and the funds was stolen, people need to understand that anything online is prone to hacking, it may not have happened yet, but that does not mean it is safe.

[Gposas]

This sounds new to me, that people take the risk of saving wallet seed phrase with an online platform???
As I started reading the contents of your post beginning from the topic, I was wondering if it is now something bad to store passwords and codes with an online manager. Because I am a big fan of storing passwords with google. But reading down, I comprehended the motive of your post. And right now I'm still wondering how could users possibly trust a platform to the level of saving his/her wallet seed phrase with them. There's a statement some crypto enthusiasts around me always say and it goes "Never Disclose your Wallet Seed phrase to Anybody"
Saving wallet seed phrase with an online platform, I see it a form of laziness.
No matter how a wallet seems useless to me, I always write down my seed phrase and keep it somewhere very safe and secured how much more a wallet that contains something tangible.