Stolen LastPass Vault Backups Enable Crypto Theft Through 2025
- Dec 28, 2025
Key Findings
Encrypted vault backups stolen in the 2022 LastPass breach are still being cracked, enabling crypto theft as late as 2025.
Attackers have drained over $28 million in crypto by exploiting weak master passwords to decrypt the stolen vaults.
The funds were laundered through Russian cybercrime infrastructure, including mixers and high-risk exchanges.
TRM Labs' analysis indicates likely Russian criminal involvement in monetizing the LastPass breach.
Background
In 2022, hackers breached LastPass, a popular password manager, and stole encrypted backups of roughly 30 million user vaults containing sensitive credentials, including cryptocurrency keys.
Continued Crypto Thefts
TRM Labs, a blockchain intelligence firm, warned that attackers are still cracking the encrypted vault backups that were protected by weak master passwords.
This has enabled continued cryptocurrency thefts, with wallet drains persisting through 2024 and 2025.
Over $28 million in crypto has been stolen and laundered through mixers like Wasabi Wallet, and off-ramped through Russian exchanges like Cryptex and Audi6.
Laundering and Russian Involvement
TRM Labs found repeated use of Russian cybercrime infrastructure and continuity of wallet control, indicating likely Russian criminal involvement in monetizing the breach.
The analysts identified on-chain patterns (SegWit, Replace-by-Fee, single-use addresses, and coordinated deposit/withdrawal clusters) that link the activity to Russia-based operators.
The findings highlight the central role of Russian cybercrime infrastructure in monetizing large-scale hacks and the diminishing effectiveness of mixing as a reliable means of obfuscation.
Regulatory Action and Implications
Earlier this month, the U.K. ICO fined LastPass £1.2m ($1.6m) for inadequate security measures that failed to prevent the breach.
The significance of likely Russian involvement extends beyond this single case, as Russian high-risk exchanges and laundering services have repeatedly served as critical off-ramps for globally dispersed cybercriminal networks.
The LastPass case underscores how Russia-based financial infrastructure continues to function as a systemic enabler of global cybercrime, even as enforcement pressure increases elsewhere.
Sources
https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html
https://www.instagram.com/p/DSr-gZID1eo/
https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
https://www.facebook.com/thehackernews/posts/stolen-vault-backups-from-the-2022-lastpass-breach-are-still-paying-out35-millio/1253305743500673/

