Historic LastPass breach enabling cryptocurrency theft, investigation reveals


  • LastPass vaults stolen in the 2022 breach are still being cracked, enabling crypto theft years later
  • TRM Labs reports ~$35M stolen, with funds laundered via mixing services
  • MetaMask’s earlier findings suggest the true losses may approach $100M, as seed phrases remain prime targets

The LastPass data breach, which happened more than three years ago, is still enabling cryptocurrency theft. Researchers say cybercriminals have stolen approximately $35 million to date by cracking stolen LastPass vaults.

In August 2022, LastPass (which was considered one of the best password managers around at the time) suffered a data breach in which the attackers got away with users' password vaults.

These vaults are essentially encrypted folders where users store their passwords and other secrets, guarded by a master password. Without the master password, it's impossible to decrypt the folder and access its contents.

Stealing seed phrases

That doesn’t mean the attackers can’t try to brute-force their way in offline, using specialized hardware and software. If the master password is relatively weak (a simple combination, for example), they might be able to crack it: "Depending on the length and complexity of your master password and iteration count setting, you may want to reset your master password," LastPass warned at the time of the breach.
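To show how master-password strength and the iteration count setting combine, here is an added example (not from LastPass, TRM Labs or the original article) that estimates offline search time. It assumes PBKDF2-HMAC-SHA256 as the key derivation function; the attacker rate, passwords and iteration counts are constructed figures chosen for illustration.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_ATTACKER_RATE = 1e10  # HMAC-SHA256 calls/second; constructed figure, not a measurement

def entropy_bits(alphabet_size, length):
    """Upper bound: entropy of a uniformly random password (human-chosen ones have less)."""
    return length * math.log2(alphabet_size)

def work_factor_bits(pw_bits, iterations):
    """Every guess costs `iterations` HMAC calls, so stretching adds log2(iterations) bits."""
    return pw_bits + math.log2(iterations)

def avg_crack_years(pw_bits, iterations, rate=ASSUMED_ATTACKER_RATE):
    """Expected offline search time: on average half the password space is tried."""
    guesses = 2 ** (pw_bits - 1)
    return guesses * iterations / rate / SECONDS_PER_YEAR

def local_kdf_seconds(iterations):
    """Time one PBKDF2-HMAC-SHA256 derivation here: the cost a legitimate unlock pays once."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-password", b"constructed-salt", iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    # Constructed scenarios: (label, alphabet size, length, iteration count).
    scenarios = [
        ("8 lowercase letters, 5,000 iterations", 26, 8, 5_000),
        ("8 lowercase letters, 600,000 iterations", 26, 8, 600_000),
        ("16 printable ASCII, 600,000 iterations", 94, 16, 600_000),
    ]
    for label, alphabet, length, iters in scenarios:
        bits = entropy_bits(alphabet, length)
        print(f"{label}: {work_factor_bits(bits, iters):.1f} effective bits, "
              f"~{avg_crack_years(bits, iters):.3g} years on average, "
              f"{local_kdf_seconds(iters) * 1000:.0f} ms per unlock locally")
```

Raising the iteration count multiplies the attacker's cost linearly, while each extra random character multiplies it by the alphabet size, which is why a weak master password stays within reach of offline cracking even at a high iteration setting.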

Blockchain analysis firm TRM Labs has now published a new report saying cybercriminals succeeded in breaking into many of these vaults that contained seed phrases. A seed phrase is a string of 12 or 24 words that allows a user to load a cryptocurrency wallet into a new account and access all of the funds found inside.

"The linkage in the report is not based on direct attribution to individual LastPass accounts, but on correlating downstream on-chain activity with the known impact pattern of the 2022 breach," TRM told BleepingComputer. "That created a scenario in which wallet drains would occur well after the original breach, rather than immediately, and in distinct waves."

TRM Labs also said that crooks stole all kinds of cryptocurrencies, converted them into bitcoin, and then tried to hide their tracks by using mixing services (essentially crypto laundering tools). The researchers concluded that more than $28 million was stolen and laundered this way in late 2024 and early 2025, with an extra $7 million being linked to attacks in September 2025.

It’s worth mentioning that a separate report, published by wallet maker MetaMask in September 2023, also said the crooks stole $35 million this way, which could mean that the actual figure is now closer to $100 million.

TRM says most of the funds were cashed out using Russian exchanges.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
