Recent investigations by TRM Labs reveal that encrypted vault backups stolen during the 2022 LastPass breach were still being exploited by Russian cybercriminals to drain cryptocurrency wallets as late as 2025. By targeting vaults protected by weak master passwords, these actors have siphoned over 35 million dollars in digital assets, using high-risk Russian exchanges and sophisticated laundering techniques to move the funds.
The security incident that occurred several years ago continues to have devastating consequences for users who did not update their security credentials. Because the stolen vaults are stored offline by the attackers, they have had years to use brute-force methods to crack master passwords without detection. This has created a persistent threat where accounts with insufficient protection remain vulnerable to being drained long after the initial data theft took place.
Blockchain intelligence indicates that a significant portion of the stolen funds was processed through mixing services to hide their origin before being moved to specific Russian exchanges. These platforms, some of which have faced international sanctions for their involvement in ransomware and other illicit activities, serve as the primary exit points for the stolen capital. Evidence shows that the perpetrators have maintained consistent control over the assets throughout the complex laundering process.
Analytical tools have allowed researchers to see through the privacy measures used by the hackers, such as the CoinJoin technique. By identifying specific patterns in how the funds were moved and withdrawn, investigators were able to link the activity to a broader ecosystem of Russian cybercrime. This ability to de-mix the transactions has been crucial in attributing the multi-year campaign to specific regional actors and infrastructure.
The ongoing nature of these thefts highlights a critical failure in technical and security measures, one that recently led British regulators to fine the password management service 1.6 million dollars. The situation serves as a stark reminder that a single data breach can provide a lifelong window of opportunity for criminals if the encrypted data is not protected by highly complex passwords. As the stolen assets continue to move through the financial system, the focus remains on tracking the high-risk exchanges that facilitate these transfers.
Source: LastPass 2022 Breach Led To Years Long Cryptocurrency Thefts TRM Labs Finds



