556/68 Tuesday, December 30, 2025
Blockchain intelligence firm TRM Labs has revealed that vault backups stolen during the 2022 LastPass data breach are still being actively cracked, enabling ongoing cryptocurrency theft through 2025, particularly in cases where users set weak or insufficiently complex master passwords. This incident highlights how a single data breach can create long-term security impacts lasting for years.
According to TRM Labs, the 2022 attack allowed threat actors to obtain encrypted backup data of approximately 30 million LastPass user vaults, which contained a large volume of sensitive information, including keys and credentials used to access cryptocurrency wallets. Attackers have been systematically decrypting vaults protected by weak passwords and stealing crypto assets continuously from 2023 through 2025. The stolen funds were then converted into Bitcoin and laundered through crypto mixing services.
Blockchain transaction analysis conducted by TRM Labs indicates that more than USD 28 million in cryptocurrency has been stolen as a result of this breach. The laundering patterns show links to high-risk cryptocurrency exchanges in Russia, including Cryptex and Audi6. The report underscores that crypto infrastructure in certain regions continues to serve as a critical channel for laundering proceeds from global cybercrime. Meanwhile, UK regulators fined LastPass £1.2 million for failing to implement adequate security measures to prevent the breach.
