
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Published:

25 December 2025 at 12:46:00

Alert date:

25 December 2025 at 13:02:17

Source:

thehackernews.com


Identity & Access, Data Breach & Exfiltration

TRM Labs reveals that encrypted vault backups stolen in the 2022 LastPass data breach continue to enable cybercriminals to crack weak master passwords and drain cryptocurrency assets through late 2025. Russian cybercriminal actors are believed to be involved in these ongoing attacks. The breach demonstrates the long-term impact of password manager compromises, where attackers can persistently attempt to crack encrypted vaults over years. Victims with weak master passwords remain vulnerable to having their cryptocurrency wallets accessed and drained. The findings highlight the critical importance of strong master passwords for password manager security.

Technical details

Attackers exploited encrypted vault backups stolen from the 2022 LastPass breach by using brute-force techniques to crack weak master passwords. Over $35 million in cryptocurrency was stolen, with $28 million converted to Bitcoin and laundered via Wasabi Wallet between late 2024 and early 2025. Another $7 million was linked to a September 2025 wave. Funds were routed through Cryptomixer.io and off-ramped via Russian exchanges Cryptex and Audia6. Despite CoinJoin mixing techniques, TRM Labs demixed the activity by analyzing clustered withdrawals and peeling chains.

Mitigation steps:

Users should rotate passwords and improve vault security, particularly strengthening master passwords to prevent brute-force attacks on encrypted vault data.
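Added example (not part of the advisory or its source): a short Python model of why a stolen vault stays exposed for years and how much master-password entropy is needed to outlast that window. It assumes a PBKDF2-HMAC-SHA256 vault KDF; the iteration counts, the attacker throughput and the sample password policies are illustrative assumptions, not figures from the advisory.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 (KDF assumed for this example)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)

def guesses_per_second(raw_hmac_rate: float, iterations: int) -> float:
    """Offline guess rate: every guess costs `iterations` HMAC-SHA256 rounds."""
    return raw_hmac_rate / iterations

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)

def expected_years(bits: float, raw_hmac_rate: float, iterations: int) -> float:
    """Expected years of continuous guessing to hit the password (half the space)."""
    seconds = 2 ** (bits - 1) / guesses_per_second(raw_hmac_rate, iterations)
    return seconds / SECONDS_PER_YEAR

def min_bits_to_outlast(years: float, raw_hmac_rate: float, iterations: int) -> float:
    """Entropy needed for the expected crack time to exceed `years`."""
    guesses = years * SECONDS_PER_YEAR * guesses_per_second(raw_hmac_rate, iterations)
    return math.log2(guesses) + 1

if __name__ == "__main__":
    ASSUMED_RATE = 1e10  # assumed attacker throughput in HMAC-SHA256/s, not from the advisory
    PROFILES = [("8 lowercase letters", 26, 8), ("10 alphanumerics", 62, 10),
                ("6 diceware words", 7776, 6)]  # constructed sample policies
    start = time.perf_counter()
    derive_vault_key("constructed-sample", b"user@example.com", 100_000)
    print(f"one local derivation at 100000 iterations: {time.perf_counter() - start:.3f}s")
    for iterations in (5_000, 100_000, 600_000):  # assumed KDF settings
        need = min_bits_to_outlast(3, ASSUMED_RATE, iterations)
        print(f"\n{iterations} iterations: need > {need:.1f} bits to outlast 3 years")
        for name, alphabet, length in PROFILES:
            bits = entropy_bits(alphabet, length)
            years = expected_years(bits, ASSUMED_RATE, iterations)
            print(f"  {name:<20} {bits:5.1f} bits  ~{years:.3g} years")
```

The entropy figures are upper bounds that hold only for randomly generated passwords; human-chosen master passwords fall well below them, which is why rotating every credential stored in an exposed vault matters as much as strengthening the master password.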

Affected products:

LastPass password manager

IOCs:

Cryptomixer.io, Cryptex exchange, Audia6 exchange, Wasabi Wallet, Russian exchanges associated with illicit activity

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
