Russian Networks Linked to Laundering of LastPass Breach's $35M in Stolen Crypto

Following the 2022 LastPass data breach, blockchain firm TRM Labs has tied over $35 million in stolen cryptocurrency to Russian cybercriminals, detailing sophisticated laundering via mixers and exchanges persisting into late 2025.

Blockchain intelligence firm TRM Labs has deepened its analysis of the 2022 LastPass breach—previously reported for enabling prolonged crypto thefts—revealing direct ties to Russian cybercriminal networks. The password manager hack exposed user vaults, allowing drainings that continued into late 2025.

Attackers obscured the trail using privacy tools: converting assets to Bitcoin via instant swaps, then mixing through Wasabi Wallet and CoinJoin. TRM Labs de-anonymized these using behavioral analysis, tracking wallet software patterns and digital footprints.

Funds ultimately flowed to Russian platforms, including sanctioned exchange Cryptex and Audi6 ($7M deposited). A 'consistent on-chain signature' indicates a single Russia-based group. This underscores Russian exchanges' role in illicit finance, evading global enforcement amid persistent state-linked threats.

Verwandte Artikel

Illustration of a hacked Polymarket wallet showing $520,000 being drained on the Polygon blockchain.
Bild generiert von KI

Polymarket internal wallet drained of over $500,000

Von KI berichtet Bild generiert von KI

A private key compromise led to a drain of more than $520,000 from a Polymarket-linked wallet on the Polygon blockchain on May 22. The prediction market platform confirmed that user funds and core contracts remained unaffected.

North Korean state-backed hackers have stolen more than $6 billion in cryptocurrency since 2017, accounting for 76% of all crypto hack losses in 2026. The groups, including Lazarus and DPRK, drained $577 million from DeFi platforms in April alone. TRM Labs highlighted a shift to sophisticated tactics, including in-person social engineering.

Von KI berichtet

Thorchain confirmed a suspected multichain exploit on May 15 that drained about $10 million from users across several networks. The protocol activated emergency halts and has now launched a recovery portal for affected wallets.

Blockchain analytics firm TRM Labs reported that CoinEx facilitated more than $3.84 billion in crypto transactions with over 60 sanctioned Iranian platforms over seven years. CoinEx rejected the claims and stated it has begun exiting Iran-related business.

Diese Website verwendet Cookies

Wir verwenden Cookies für Analysen, um unsere Website zu verbessern. Lesen Sie unsere Datenschutzrichtlinie für weitere Informationen.
Ablehnen