LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Briefly

"The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the Russian exchanges receiving LastPass-linked funds as recently as October."
"LastPass suffered a major hack in 2022 that enabled attackers to access personal information belonging to its customers, including their encrypted password vaults containing credentials, such as cryptocurrency private keys and seed phrases. Earlier this month, the password management service was fined $1.6 million by the U.K. Information Commissioner's Office (ICO) for failing to implement sufficiently robust technical and security measures to prevent the incident."
"'Any vault protected by a weak master password could eventually be decrypted offline, turning a single 2022 intrusion into a multi-year window for attackers to quietly crack passwords and drain assets over time,' the company said. 'As users failed to rotate passwords or improve vault security, attackers continued to crack weak master passwords years later - leading to wallet drains as recently as late 2025.'"
Encrypted vault backups stolen in the 2022 LastPass breach were subject to offline brute-force decryption of weak master passwords, enabling cryptocurrency theft continuing into late 2025. On-chain evidence indicates repeated interaction with Russia-associated infrastructure, continuity of control across mixing activity, and use of high-risk Russian exchanges as off-ramps. The U.K. Information Commissioner’s Office fined LastPass $1.6 million for insufficient technical and security measures. Failure by users to rotate passwords or strengthen vault security allowed attackers to continue cracking weak master passwords over multiple years, producing recurring wallet drains.
Read at The Hacker News