Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges.
In 2022, LastPass disclosed that attackers breached its systems by compromising a developer environment, stealing portions of the company's source code and proprietary technical information.
In a later, but related security incident, the hackers breached the cloud storage firm GoTo using previously stolen credentials and stole LastPass database backups stored on the platform. For some customers, these encrypted password vaults not only contained credentials, but also cryptocurrency wallet private keys and seed phrases.
While the vaults were encrypted, users with weak or reused master passwords were vulnerable to offline cracking, which is believed to have been ongoing since the breach.
"Depending on the length and complexity of your master password and iteration count setting, you may want to reset your master password," warned LastPass when they disclosed the breach.
The link between the LastPass breaches and crypto thefts was further corroborated by the U.S. Secret Service, which in 2025 seized more than $23 million in cryptocurrency and said attackers had obtained victims' private keys by decrypting vault data stolen in a password manager breach.
In court filings, agents said there was no evidence the victims' devices had been compromised through phishing or malware, and that they believed the theft was linked to the stolen password vaults.
Crypto thefts linked to LastPass breach
In a report published last week, TRM said that ongoing cryptocurrency theft attacks have been traced to the abuse of the encrypted LastPass password vaults stolen in 2022.
Rather than the wallet being drained immediately after a breach, the thefts were in waves months or years later, illustrating how the attackers gradually decrypting vaults and extracting stored credentials.
... continue reading