Security Affairs reports:
The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025.
In 2022, hackers breached LastPass, stealing encrypted backups of roughly 30 million vaults containing sensitive credentials, including crypto keys. TRM experts pointed out that attackers could decrypt vaults with weak master passwords, creating a multi-year risk. Wallet drains continued through 2024–2025, with stolen funds traced through mixers to high-risk Russian exchanges. TRM Labs found repeated use of Russian cybercrime infrastructure and continuity of wallet control, indicating likely Russian criminal involvement in monetizing the breach.
Read more at Security Affairs.
