Russian cybercriminals are likely responsible for laundering more than $35 million in cryptocurrency stolen from LastPass users, according to a report by blockchain intelligence firm TRM Labs.
The analysis linked the multi-year drain of crypto wallets to the 2022 breach of the password manager LastPass. It noted that the stolen funds moved through illicit financial infrastructure tied to Russia's cybercriminal underground.
How Russian Cybercriminals Laundered the Stolen Funds
TRM Labs researchers found that the attackers used privacy protocols to obscure the money trail, but ultimately routed the funds to Russia-based platforms.
According to the report, the perpetrators have continued to siphon assets from compromised vaults as recently as late 2025.
The malicious actors systematically laundered the stolen funds through off-ramps that Russian threat actors have historically used. One of those venues was Cryptex, an exchange currently sanctioned by the US Office of Foreign Assets Control (OFAC).
TRM Labs said it identified a “consistent on-chain signature” tying the thefts to a single, coordinated group.
The attackers repeatedly converted non-Bitcoin assets into Bitcoin using instant swap services. The funds were then moved to mixing services such as Wasabi Wallet and CoinJoin.
These tools are designed to pool funds from multiple users to scramble transaction histories, theoretically making them untraceable.
However, the report highlights a significant failure in these privacy technologies. Analysts were able to “de-mix” the transactions using behavioral continuity analysis.
Investigators tracked specific digital footprints, such as how wallet software imported private keys, and successfully unwound the mixing process. This allowed them to follow the digital currency through the privacy protocols and observe its final deposit into Russian exchanges.
In addition to Cryptex, investigators traced roughly $7 million in stolen funds to Audi6, another exchange service operating within the Russian cybercriminal ecosystem.
The report notes that the wallets interacting with the mixers showed “operational ties” to Russia both before and after the laundering process. This suggests the hackers were not merely renting infrastructure but operating directly from the region.
The findings underscore the role of Russian crypto platforms in enabling global cybercrime.
By providing liquidity and off-ramps for stolen digital assets, these exchanges allow criminal groups to monetize data breaches while evading international law enforcement.