The 2022 LastPass data breachβs encrypted vault backups have been exploited over years, with Russian cybercriminals cracking weak master passwords to steal cryptocurrency assets until late 2025. Threat analysis reveals links to Russian exchanges and sophisticated laundering techniques, emphasizing ongoing risks in digital asset security. #LastPass #TRMLabs #RussianCybercriminals #CryptocurrencyTheft
Keypoints
- The 2022 LastPass breach led to the theft of encrypted vaults containing cryptocurrency private keys and seed phrases.
- Cybercriminals used brute-force techniques over several years to crack weak master passwords and drain assets.
- New findings tie the illicit activities to Russian exchanges and the laundering of stolen funds through mixers.
- Over $35 million in digital assets have been traced, with significant amounts converted to Bitcoin and laundered via Wasabi Wallet.
- Despite the use of mixers, layered analysis revealed operational patterns that link the theft to Russian high-risk exchanges.
Read More: https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html