- LastPass vaults stolen in the 2022 breach are still being cracked, enabling crypto theft years later
- TRM Labs reports about $35 million stolen, with the funds laundered through mixing services
- MetaMask's earlier findings suggest that true losses could approach $100 million, as seed phrases remain primary targets
The LastPass data breach, which happened more than three years ago, still enables the theft of cryptocurrency. In fact, cybercriminals have managed to steal about $35 million to date by cracking stolen LastPass vaults, researchers said.
In August 2022, LastPass (which was considered one of the best password managers at the time) suffered a data breach that allowed the attackers to make off with people’s password vaults.
These are essentially encrypted folders where users store their passwords and other secrets, protected by a master password. Without that master password, the folder cannot be decrypted and its contents cannot be read.
Stealing seed phrases
That does not stop attackers from trying to guess the master password offline using specialized hardware and software. If the master password is relatively weak (such as a simple combination), they may be able to crack it: “Depending on the length and complexity of your master password and the iteration count setting, you may want to reset your master password,” LastPass warned at the time of the breach.
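To make the LastPass warning concrete, the following added example (not from the article, LastPass or TRM Labs) estimates how password length, character set and iteration count together determine whether a stolen vault's master password should be reset. It assumes the vault key is derived with PBKDF2-HMAC-SHA256; the attacker speed, the 100-year threshold and the sample settings are constructed values.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed figure for illustration, not a benchmark: PBKDF2 iterations
# per second an offline cracking rig is assumed to sustain.
ASSUMED_ITER_PER_SEC = 1e10


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """The work an attacker must repeat for every master-password guess."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def years_to_crack(length: int, charset_size: int, iterations: int,
                   rate: float = ASSUMED_ITER_PER_SEC) -> float:
    """Expected years to find a uniformly random password (half the space).

    Human-chosen passwords are far more predictable, so treat the result
    as an upper bound on how long the vault stays safe.
    """
    expected_guesses = charset_size ** length // 2
    return expected_guesses * iterations / rate / SECONDS_PER_YEAR


def should_reset(length: int, charset_size: int, iterations: int,
                 min_years: float = 100.0) -> bool:
    """True when the estimated offline cracking time is below min_years."""
    return years_to_crack(length, charset_size, iterations) < min_years


if __name__ == "__main__":
    # Constructed sample settings: (length, charset size, iterations)
    samples = [(8, 26, 5_000), (10, 26, 5_000), (10, 26, 600_000),
               (16, 94, 600_000)]
    for length, charset, iters in samples:
        years = years_to_crack(length, charset, iters)
        verdict = "reset" if should_reset(length, charset, iters) else "ok"
        print(f"len={length:2d} charset={charset:2d} iters={iters:>7,d} "
              f"-> {years:.3g} years ({verdict})")
```

The 10-character lowercase case flips from "reset" to "ok" purely because of the iteration count, which is why LastPass named both factors.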
Blockchain analytics firm TRM Labs has now released a new report saying that cybercriminals were successful in breaking into many of these vaults that contained seed phrases – strings of 12 or 24 words that allow users to load a cryptocurrency wallet into a new account and access all the funds contained within.
“The link in the report is not based on direct attribution to individual LastPass accounts, but on correlating downstream on-chain activity with the known impact pattern of the 2022 breach,” TRM told Bleeping Computer. “It created a scenario where the wallet would emerge well after the original breach, rather than immediately, and in different waves.”
TRM Labs also said that crooks were stealing all kinds of cryptocurrencies, converting them to bitcoin, and then trying to hide their tracks by using mixing services (essentially crypto-laundering tools). The researchers concluded that more than $28 million was stolen and laundered this way in late 2024 and early 2025, with another $7 million linked to attacks in September 2025.
It’s worth mentioning that a separate report, released by wallet maker MetaMask in September 2023, also said the crooks stole $35 million this way, which could mean the actual number is now closer to $100 million.
TRM says most of the funds were disbursed using Russian stock exchanges.
Via Bleeping Computer



