Russian cybercriminals are likely responsible for laundering more than $35 million in cryptocurrency stolen from LastPass customers, according to a report by blockchain intelligence firm TRM Labs.
The analysis linked the multi-year drain of crypto wallets to the 2022 breach of the password manager LastPass. It noted that the stolen funds moved through illicit financial infrastructure tied to Russia's cybercriminal underground.
How Russian Cybercriminals Laundered the Stolen Funds
TRM Labs researchers found that the attackers used privacy protocols to obscure the money trail, but ultimately routed the funds to Russia-based platforms.
According to the report, the perpetrators have continued to siphon assets from compromised vaults as recently as late 2025.
The malicious actors systematically laundered the stolen funds through off-ramps that Russian threat actors have historically used. One of those venues was Cryptex, an exchange currently sanctioned by the US Office of Foreign Assets Control (OFAC).
TRM Labs said it identified a “constant on-chain signature” tying the thefts to a single, coordinated group.
The attackers repeatedly converted non-Bitcoin assets into Bitcoin using instant swap services. The funds were then moved to mixing services such as Wasabi Wallet and CoinJoin.
These tools are designed to pool funds from multiple users to scramble transaction histories, theoretically making them untraceable.
However, the report highlights a significant failure in these privacy technologies. Analysts were able to “de-mix” the transactions using behavioral continuity analysis.
Investigators tracked specific digital footprints, such as how wallet software imported private keys, and successfully unwound the mixing process. This allowed them to follow the digital currency through the privacy protocols and observe its final deposit into Russian exchanges.
In addition to Cryptex, investigators traced roughly $7 million in stolen funds to Audi6, another exchange service operating within the Russian cybercriminal ecosystem.
The report notes that the wallets interacting with the mixers showed “operational ties” to Russia both before and after the laundering process. This indicates the hackers were not merely renting infrastructure but operating directly from the region.
The findings underscore the role of Russian crypto platforms in enabling global cybercrime.
By providing liquidity and off-ramps for stolen digital assets, these exchanges allow criminal groups to monetize data breaches while evading international law enforcement.












