
TRM Labs has traced more than USD 35 million in cryptocurrency thefts linked to encrypted vault backups stolen in the 2022 LastPass breach, with on-chain activity suggesting Russian cybercriminal involvement and funds reaching Russian exchanges as recently as October.
The 2022 hack exposed millions of encrypted user vault backups. Although the data was initially locked behind master passwords, the theft gave attackers a long-term opportunity to crack weak or unchanged passwords offline and quietly drain stored crypto keys over the following years. Wallet drains tied to the breach continued throughout late 2025.
TRM analysts grouped the thefts into campaign-level clusters, allowing them to link large portions of the stolen funds to a withdrawal pipeline that aligned closely in timing and value. The firm estimates that USD 28 million was converted to Bitcoin and mixed via Wasabi Wallet between late 2024 and early 2025, with an additional USD 7 million tied to a September 2025 wave that also flowed to Russian exchanges.
The laundering pipeline repeatedly used Russian exchanges Cryptex and Audia6 as off-ramps. Cryptex was sanctioned by the US Treasury in September 2024 after receiving more than USD 51.2 million in illicit funds, including ransomware-linked proceeds.
The wider impact of the 2022 breach continues to unfold beyond crypto thefts. In December 2025, the UK Information Commissioner’s Office fined LastPass £1.2 million for failing to implement adequate security measures, noting that the incident compromised personal information for up to 1.6 million UK customers.
The case highlights how cybercriminal groups adapt quickly, shifting infrastructure when services are sanctioned, and how mixing services no longer guarantee anonymity when consistent off-ramp ecosystems are reused over time. It also reinforces Russia’s role as a key liquidity hub for global cybercrime operations.
Mitigation and user advice
Security analysts warn that vault data stolen in 2022 can still be exploited today, especially if users have never updated their master passwords. LastPass users are advised to:
- Change your master password to something stronger and unique
- Move any crypto wallets that used keys or recovery phrases stored in LastPass before 2022
- Be cautious if you notice old, unexpected crypto transactions and report them to your wallet provider
- Keep your apps and devices updated, and use security tools that monitor for suspicious account or wallet activity






