Following the 2022 LastPass data breach, blockchain firm TRM Labs has tied over $35 million in stolen cryptocurrency to Russian cybercriminals, detailing sophisticated laundering via mixers and exchanges persisting into late 2025.
Blockchain intelligence firm TRM Labs has deepened its analysis of the 2022 LastPass breach—previously reported for enabling prolonged crypto thefts—revealing direct ties to Russian cybercriminal networks. The password manager hack exposed user vaults, allowing drainings that continued into late 2025.
Attackers obscured the trail using privacy tools: converting assets to Bitcoin via instant swaps, then mixing through Wasabi Wallet and CoinJoin. TRM Labs de-anonymized these using behavioral analysis, tracking wallet software patterns and digital footprints.
Funds ultimately flowed to Russian platforms, including sanctioned exchange Cryptex and Audi6 ($7M deposited). A 'consistent on-chain signature' indicates a single Russia-based group. This underscores Russian exchanges' role in illicit finance, evading global enforcement amid persistent state-linked threats.
