Blockchain intelligence firm TRM Labs has linked a years-long wave of crypto wallet thefts to the 2022 breach of the password manager LastPass, uncovering how stolen digital assets were laundered through Russia-based illicit financial infrastructure. According to the analysis, attackers have continued draining compromised crypto wallets well into late 2025, demonstrating the long-term impact of the original data breach.
The report explains that hackers gained access to encrypted vault data during the LastPass breach and later exploited weak or reused master passwords to unlock private keys stored by users. Once access was obtained, the attackers systematically siphoned cryptocurrencies from affected wallets over multiple years, rather than executing a single large-scale theft. This slow-drain strategy helped them avoid immediate detection while maximizing total losses.
TRM Labs researchers found that the stolen funds were funneled through a consistent on-chain pattern, indicating the activity was carried out by a single, coordinated cybercriminal group. The attackers regularly converted non-Bitcoin assets into Bitcoin using instant swap services before attempting to obscure transaction histories with privacy tools such as CoinJoin and Wasabi Wallet.
Despite the use of crypto mixing services designed to anonymize transactions, investigators were able to trace the money flow using behavioral continuity analysis. By examining recurring operational details, including wallet software behaviors and private key import patterns, analysts successfully “de-mixed” the transactions and followed the funds to their final destinations.
A significant portion of the laundered assets ultimately passed through Russian crypto platforms. One key venue identified was Cryptex, a cryptocurrency exchange sanctioned by the US Office of Foreign Assets Control (OFAC). In addition, approximately $7 million in stolen funds were traced to Audi6, another exchange operating within Russia’s cybercriminal ecosystem.
The report also highlights that wallets interacting with mixers showed operational ties to Russia both before and after laundering, suggesting the threat actors were directly operating from the region rather than outsourcing infrastructure. Overall, the findings underscore the critical role some Russia-based crypto platforms play in enabling global cybercrime by providing liquidity and off-ramps for stolen digital assets, complicating international law enforcement efforts and prolonging the financial fallout of major data breaches like LastPass.