Ethical Hacking News
The 2022 LastPass breach has been linked to a series of cryptocurrency thefts that occurred years after the initial breach, highlighting the ongoing threat of password manager breaches and their potential impact on cryptocurrency users. According to TRM Labs, the attackers gradually decrypted vault data and extracted stored credentials before draining wallets in waves months or years later.
Blockchain investigation firm TRM Labs has confirmed that ongoing cryptocurrency thefts were traced back to the 2022 LastPass breach. The LastPass breach provided a golden opportunity for hackers to compromise sensitive information of millions of users, including encrypted password vaults and cryptocurrency wallet private keys. Attackers gained access to user data and extracted stored credentials over time before draining wallets in waves months or years later. Users with weak or reused master passwords were primarily targeted, leaving them vulnerable to offline cracking. More than $28 million in cryptocurrency was stolen and laundered through Wasabi Wallet between late 2024 and early 2025. The attackers used Russian-linked exchanges to cash out the funds, further confirming the link to the Russian cybercrime ecosystem.
In a shocking revelation, blockchain investigation firm TRM Labs has confirmed that ongoing cryptocurrency thefts have been traced back to the 2022 LastPass breach. The news comes as a surprise to many, given that the initial breach was disclosed years ago and no further action was taken against the attackers. However, it appears that the breach provided a golden opportunity for hackers to compromise the sensitive information of millions of users.
LastPass, a popular password manager, had previously disclosed that an attacker breached its systems in 2022. The breach was attributed to a developer environment being compromised, resulting in the theft of portions of the company's source code and proprietary technical information. However, it seems that this breach went far beyond what was initially reported.
In addition to compromising LastPass' source code, hackers also gained access to sensitive user data, including encrypted password vaults. These vaults contained not only login credentials but also cryptocurrency wallet private keys and seed phrases. This information would have been highly valuable to hackers looking to gain unauthorized access to users' wallets.
According to TRM Labs, the attack was not limited to individual wallets being drained immediately after the breach. Instead, hackers gradually decrypted vault data and extracted stored credentials over time before draining wallets in waves months or years later. This approach allowed the attackers to cover their tracks and avoid detection for a considerable amount of time.
The victims of these attacks were primarily users who had weak or reused master passwords, leaving them vulnerable to offline cracking. LastPass warned its users about this vulnerability shortly after disclosing the breach, advising them to reset their master passwords as soon as possible.
However, it appears that some users failed to take this advice seriously, leaving themselves open to exploitation by hackers. In fact, TRM Labs revealed that more than $28 million in cryptocurrency was stolen and laundered through Wasabi Wallet between late 2024 and early 2025, with an additional $7 million tied to a later wave of attacks in September 2025.
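Why weak master passwords fall first, and why drains from one stolen data set can arrive in waves years apart, can be sketched with a simple cost model. This is an added example, not code from the article, TRM Labs or LastPass; it assumes an iterated key-derivation function in which one guess costs a fixed number of hash rounds, and the entropy values, iteration count and attacker speed are constructed figures.

```python
"""Model of offline guessing against stolen, encrypted vaults (constructed figures)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_years_to_guess(entropy_bits, kdf_iterations, rounds_per_second):
    """Expected years until a master password is guessed offline.

    One guess costs `kdf_iterations` hash rounds (assumed iterated KDF), and on
    average half of the 2**entropy_bits candidates are tried before a hit.
    """
    expected_guesses = 2 ** (entropy_bits - 1)
    guesses_per_second = rounds_per_second / kdf_iterations
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def min_entropy_bits(target_years, kdf_iterations, rounds_per_second):
    """Smallest whole number of bits whose expected guessing time exceeds target_years."""
    guesses_in_window = target_years * SECONDS_PER_YEAR * rounds_per_second / kdf_iterations
    return math.floor(math.log2(guesses_in_window)) + 2


def expected_falls(vaults, kdf_iterations, rounds_per_second, horizon_years):
    """Vaults expected to be opened within the horizon, earliest first."""
    timed = ((label, expected_years_to_guess(bits, kdf_iterations, rounds_per_second))
             for label, bits in vaults.items())
    return sorted((p for p in timed if p[1] <= horizon_years), key=lambda p: p[1])


# Constructed inputs: entropy estimates, KDF cost and attacker speed are assumptions.
SAMPLE_VAULTS = {
    "user A (~40 bits)": 40,
    "user B (~45 bits)": 45,
    "user C (~47 bits)": 47,
    "user D (~50 bits)": 50,
    "user E (~77 bits)": 77,
}
KDF_ITERATIONS = 100_000
ROUNDS_PER_SECOND = 1e11

if __name__ == "__main__":
    for label, years in expected_falls(SAMPLE_VAULTS, KDF_ITERATIONS, ROUNDS_PER_SECOND, 3):
        print(f"{label}: expected to fall after {years:.2f} years")
    print("bits needed to outlast 3 years:",
          min_entropy_bits(3, KDF_ITERATIONS, ROUNDS_PER_SECOND))
    print("same, with 6x the KDF cost:",
          min_entropy_bits(3, 6 * KDF_ITERATIONS, ROUNDS_PER_SECOND))
```

Under these assumed figures the three weakest vaults fall at roughly a week, seven months and two years, while each extra bit of master-password entropy doubles the attacker's cost and a sixfold KDF cost increase buys only about three bits.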
Furthermore, the attackers used Cryptex and Audi6, two Russian-linked exchanges, to cash out the funds. This further confirms that the attack was linked to actors operating within or closely tied to the Russian cybercrime ecosystem.
One of the most striking aspects of this case is how the attackers laundered the proceeds after exploiting the stolen encrypted vaults. By using CoinJoin transactions, they mixed the stolen cryptocurrency with other users' funds, making it more challenging for investigators to trace the origin of the funds.
However, TRM Labs was able to "demix" the cryptocurrency by analyzing behavioral characteristics such as transaction structure, timing, and wallet configuration choices. This achievement demonstrates the firm's expertise in blockchain analysis and its ability to connect seemingly unrelated pieces of data.
The U.S. Secret Service also confirmed the link between the LastPass breach and the cryptocurrency thefts. In 2025, agents seized more than $23 million in cryptocurrency and stated that attackers had obtained victims' private keys by decrypting vault data stolen in a password manager breach. There was no evidence to suggest that victims' devices were compromised through phishing or malware.
In conclusion, the recent revelation that ongoing cryptocurrency thefts have been linked to the 2022 LastPass breach highlights the ongoing threat of password manager breaches and their potential impact on cryptocurrency users. It is crucial for users to take proactive measures to secure their sensitive information and to remain vigilant against potential threats.
As the cybersecurity landscape continues to evolve, it is essential that we learn from past mistakes and take steps to prevent similar attacks in the future. The case of LastPass' breach serves as a reminder of the importance of robust security measures and the need for users to prioritize online safety.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Cryptocurrency-Theft-Attacks-Linked-to-LastPass-Breach-A-Timeline-of-Deception-ehn.shtml
https://www.bleepingcomputer.com/news/security/cryptocurrency-theft-attacks-traced-to-2022-lastpass-breach/
https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
https://digitalmarketreports.com/news/57668/encrypted-lastpass-vaults-continue-fueling-crypto-theft-years-after-2022-breach-trm-labs-says/
Published: Fri Jan 2 11:39:08 2026 by llama3.2 3B Q4_K_M