How a 2022 Password Manager Hack Turned Into Years of Cryptocurrency Theft
Cybersecurity investigators have discovered that a major security breach at the popular password manager LastPass in 2022 has continued to cause problems for users years later. When hackers broke into LastPass’s systems, they stole copies of encrypted password vaults — the secure folders where users keep passwords and other important information. Although these vaults were encrypted, attackers spent years trying to crack weak master passwords and use the stolen data to steal cryptocurrency and other digital assets.
The stolen vaults included not only regular login credentials but also secret keys and recovery phrases used to access cryptocurrency wallets. Because some users had weak master passwords protecting these vaults, attackers were eventually able to unlock the encrypted contents. Once they decrypted a vault, they could access the private keys and drain the associated cryptocurrency wallets. This long-running theft continued for years, turning a single breach into a multi-year criminal campaign.
Experts tracking the stolen funds say more than $35 million worth of digital assets has been connected to this breach. The criminals converted the stolen funds into Bitcoin and used complex transfer paths to try to hide their trail before cashing out. Some of these operations involved services commonly linked to cybercrime, which made tracking the money harder but still possible through careful investigation.
At the time of the original breach, LastPass warned users that attackers might try to guess master passwords, especially if those passwords were short or simple. Many users did not change or strengthen their master passwords after the warning, giving attackers plenty of time to work on cracking them. Once unlocked, the private keys inside these vaults gave criminals direct access to users’ cryptocurrency holdings.
The ongoing thefts from the fallout of the 2022 incident show how a single security failure can have long-lasting effects, especially when sensitive information is exposed. It also highlights why strong, unique master passwords and good security habits are crucial for anyone storing valuable digital credentials or cryptocurrency recovery phrases.
