A multi-year crypto theft ring has been traced back to Russian hackers who stole sensitive data from LastPass. Armed with that information, the criminals were able to access roughly 30 million users’ vaults and steal more than $35 million in cryptocurrency.
The scheme began in 2022, when cybercriminals breached LastPass, a tool millions of people use to store their passwords securely. Using the stolen information, they were able to break into the very crypto vaults the password manager was designed to protect. Although those vaults were also password-protected, the criminals reportedly took the systems offline, giving them time to figure out how to unlock them.
According to Blockmanity, many users relied on LastPass as their primary layer of security, leading some to use weak master passwords, like “password123.” The breach continued through 2025, with new waves of wallet drains indicating that the criminals continued to successfully access users’ vaults and steal thousands of dollars in crypto.
An Increasing Vulnerability
For years, password managers have been largely effective against hacking attempts. But recent crypto thefts underscore that users need to protect themselves at every step of the process. If master passwords had been stronger, the criminals would have had far less success.
“To access password manager vaults, consumers use basic usernames and passwords,” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Any credential or account secured by traditional security and authentication methods, such as username and password, are increasingly vulnerable, especially when those passwords are saved in browser history and autofills.”
“If those credentials are compromised, then hackers can access all of the credentials saved in the password manager vault, bypassing encryption, especially if those same credentials are saved in browsing history and autofill data,” she said. “These areas are increasingly being targeted by malware strains that fall under the infostealer category.”
Slow-Motion Hacking
The incidents also highlight how long these breaches can unfold. LastPass discovered that portions of its source code and proprietary technical information had been stolen shortly after the 2022 breach. The company took steps to minimize the damage, including advising users to change their master passwords.
Despite these efforts, the thefts continued for three years. The stolen data gave the criminals ample time to break into crypto vaults.
