Valtik Studios
LastPass | critical | 2026-04-16 | 12 min

$438 Million Stolen: The LastPass Breach Three Years Later

The LastPass breaches cost users $438 million in cryptocurrency theft and destroyed enterprise trust in cloud password managers. A deep dive into the breach timeline, architectural failures, and password manager security comparisons.

$438 million gone

In December 2025, blockchain analysis firm TRM Labs confirmed that cryptocurrency thefts totaling over $438 million could be traced directly to the 2022 LastPass breach. The stolen LastPass vaults contained seed phrases, private keys, and wallet passwords that victims had stored in what they believed was an encrypted vault. The attackers cracked the vaults and systematically drained wallets over the course of three years.

The breach timeline

The LastPass breach happened in two stages:

August 2022: An attacker compromised a LastPass developer's workstation and stole source code and technical documentation.

November 2022: Using information from the first breach, the attacker targeted one of four LastPass engineers who had access to the decryption keys for cloud storage. The attacker compromised the engineer's home computer by exploiting a vulnerability in Plex media server software, then installed a keylogger to capture the engineer's master credentials.

With those credentials, the attacker downloaded a complete copy of every customer's encrypted vault from LastPass's cloud storage, along with unencrypted metadata including website URLs, company names, and email addresses.

The cracking math

LastPass vaults are encrypted with AES-256 using a key derived from the user's master password through PBKDF2 key stretching. The security of the vault therefore depends on two factors: the strength of the master password and the number of PBKDF2 iterations.

Here is where LastPass failed its users. Legacy accounts created before 2018 used only 5,000 PBKDF2 iterations. LastPass eventually raised the default to 100,100, but never forced older accounts to upgrade. Millions of vaults were encrypted with the weaker setting.

With a modern NVIDIA RTX 4090 GPU, an attacker can test approximately 1.5 million password guesses per second against a 5,000-iteration PBKDF2 vault. A common 8-character password with mixed case and numbers can be cracked in hours. The cost: about $15 in electricity.

Even the 100,100-iteration vaults are vulnerable if the master password is weak. The iterations slow down guessing, but they cannot compensate for a password like "Summer2022!" that appears in every password dictionary.

The confirmed thefts

January 2024: The FBI confirmed that a $150 million XRP theft was directly linked to the LastPass breach. The victim had stored their cryptocurrency wallet seed phrase in LastPass.

October 2023: Security researcher ZachXBT tracked $4.4 million stolen from 25+ victims in a single day, all traced to LastPass vault contents.

December 2025: TRM Labs published the comprehensive analysis showing $438 million in total confirmed losses across hundreds of victims.

The pattern was consistent. Victims had stored cryptocurrency seed phrases or private keys in LastPass. The attackers prioritized high-value targets, cracking vaults belonging to known cryptocurrency holders first, then working through the database systematically.

The $24 million class action

In 2025, LastPass agreed to a $24 million class action settlement. For a breach that caused $438 million in confirmed cryptocurrency theft alone (not counting other damages from compromised passwords), the settlement amount is strikingly small. Class members who can document losses may receive up to $7,500. Those who cannot document specific losses will receive a fraction of whatever remains after legal fees.

LastPass denied wrongdoing as part of the settlement.

Why 1Password is different

The LastPass breach is a case study in why architecture matters. 1Password uses a different design called the Secret Key system.

When you create a 1Password account, the app generates a random 128-bit Secret Key that is stored only on your devices, never on 1Password's servers. Your vault encryption key is derived from both your master password AND the Secret Key combined.

This means that even if an attacker stole a complete copy of 1Password's server database (the exact scenario that happened to LastPass), they could not crack any vaults. They would need both the master password and the Secret Key, and the Secret Key never leaves your device.

The practical difference:

  • LastPass vault stolen from server: Attacker needs to guess your master password. Possible with GPU cracking.
  • 1Password vault stolen from server: Attacker needs your master password AND your 128-bit Secret Key. Computationally infeasible, because every password guess would also have to be paired with the correct one of 2^128 possible Secret Keys.
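A toy model of the two-secret key derivation described above, added here as an example; it is not 1Password's code. The iteration count, the HMAC stand-in for HKDF, the key-check value and the sample salt, account id and Secret Key are all constructed assumptions.

```python
import hashlib
import hmac

# Toy two-secret key derivation, modelled on the design the text describes
# (vault key = f(master password, device-held Secret Key)). Constants and the
# HMAC-based stretching step are constructed for this demo; they are not
# 1Password's real parameters or code.
PBKDF2_ITERATIONS = 100_000
KEY_LEN = 32  # AES-256 key

def password_component(master_password: str, salt: bytes,
                       iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """The part an attacker can attack by guessing: PBKDF2 over the password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)

def secret_key_component(secret_key: bytes, account_id: bytes) -> bytes:
    """The part that never reaches the server: the 128-bit Secret Key, bound to
    the account id. A single HMAC stands in for an HKDF expand step here."""
    if len(secret_key) != 16:
        raise ValueError("Secret Key must be 128 bits")
    return hmac.new(secret_key, account_id, hashlib.sha256).digest()

def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes,
                     account_id: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """XOR the two components: the vault key depends on both, so a stolen
    server copy (salt, account id, ciphertext) gives no way to test a
    password guess without the Secret Key."""
    pw = password_component(master_password, salt, iterations)
    sk = secret_key_component(secret_key, account_id)
    return bytes(a ^ b for a, b in zip(pw, sk))

def key_check_value(vault_key: bytes) -> bytes:
    """Constructed verifier a server might store to confirm a derived key."""
    return hashlib.sha256(b"kcv:" + vault_key).digest()

def offline_guess_space(password_candidates: int, secret_key_known: bool) -> int:
    """Number of (password, Secret Key) pairs an attacker holding only server
    data must try: each password guess multiplies by 2**128 unless the Secret
    Key was also taken from a device."""
    return password_candidates * (1 if secret_key_known else 2 ** 128)

if __name__ == "__main__":
    salt, account_id = b"constructed-account-salt", b"ACCT-DEMO-0001"
    secret_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    key = derive_vault_key("Summer2022!", secret_key, salt, account_id)
    print(key_check_value(key).hex())
    print(offline_guess_space(10 ** 10, secret_key_known=False))
```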

What to do if you used LastPass

  1. Assume your vault was stolen. Every password, note, and secret stored in LastPass before December 2022 should be considered compromised
  2. Change every password that was in your vault, prioritizing financial accounts, email, and cryptocurrency
  3. Move cryptocurrency stored with seed phrases from your LastPass vault to new wallets with freshly generated seed phrases
  4. Enable hardware security keys (YubiKey) on critical accounts
  5. Switch to 1Password or Bitwarden, both of which have architectures that protect against server-side breaches
  6. Check haveibeenpwned.com for your email to see if your LastPass account appeared in the breach dataset

PBKDF2 iteration comparison

The number of iterations directly determines how long it takes to crack a vault. Here is the real-world difference using an NVIDIA RTX 4090:

| Iterations | Guesses/Second | Time to Crack 8-char Password | Cost |
|-----------|----------------|------------------------------|------|
| 5,000 (LastPass legacy) | 1,500,000 | Hours | ~$15 |
| 100,100 (LastPass current) | 75,000 | Days to weeks | ~$500+ |
| 310,000 (OWASP 2025 minimum) | 24,000 | Weeks to months | ~$2,000+ |
| 650,000 (1Password) | 11,500 | Months to years | $10,000+ |

These numbers assume an 8-character password with mixed case, numbers, and a symbol. A truly random 16+ character password makes cracking infeasible at any iteration count. But the iterations determine the security floor for users who chose weak master passwords, which is most people.
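An added example (not from the article) that carries the iteration math from "The cracking math" and the table above through in code: throughput scales inversely with the PBKDF2 iteration count, and time-to-crack is the candidate count divided by that throughput. The 1.5 million guesses/second baseline is the article's RTX 4090 figure; the candidate counts in PASSWORD_MODELS are constructed assumptions, and the example goes beyond the table by showing that a full 62^8 brute force, unlike a wordlist-plus-rules search, already takes years on one GPU.

```python
# Crack-time estimator for PBKDF2-protected vaults (added example). The
# 1.5 million guesses/second at 5,000 iterations is the article's RTX 4090
# figure; the candidate counts in PASSWORD_MODELS are constructed assumptions.
BASELINE_ITERATIONS = 5_000
BASELINE_GUESSES_PER_SEC = 1_500_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Password models (constructed): wordlist-plus-mangling search covering common
# human-chosen 8-character passwords, full 62**8 brute force, and a random
# 16-character password over the 95 printable ASCII characters.
PASSWORD_MODELS = {
    "common 8-char (wordlist + rules)": 10 ** 10,
    "all 8-char mixed case + digits": 62 ** 8,
    "random 16-char printable ASCII": 95 ** 16,
}

def guesses_per_second(iterations: int, gpus: int = 1) -> float:
    """PBKDF2 cost is linear in the iteration count, so throughput falls in
    inverse proportion (100,100 iterations -> roughly 75,000 guesses/s)."""
    return BASELINE_GUESSES_PER_SEC * BASELINE_ITERATIONS / iterations * gpus

def seconds_to_exhaust(candidates: int, iterations: int, gpus: int = 1) -> float:
    """Worst case: every candidate tried. Expected time is about half this."""
    return candidates / guesses_per_second(iterations, gpus)

def describe(seconds: float) -> str:
    """Coarse label at the granularity of the table above."""
    tiers = [(3600, "minutes"), (86400, "hours"), (30 * 86400, "days to weeks"),
             (SECONDS_PER_YEAR, "weeks to months"),
             (100 * SECONDS_PER_YEAR, "months to years")]
    for limit, label in tiers:
        if seconds < limit:
            return label
    return "infeasible"

def crack_table(iterations_list=(5_000, 100_100, 310_000, 650_000), gpus: int = 1):
    """Map (model, iterations) -> (seconds, label) for every combination."""
    table = {}
    for model, count in PASSWORD_MODELS.items():
        for iterations in iterations_list:
            secs = seconds_to_exhaust(count, iterations, gpus)
            table[(model, iterations)] = (secs, describe(secs))
    return table

if __name__ == "__main__":
    for (model, it), (secs, label) in crack_table().items():
        print(f"{model:32} {it:>8,} iterations: {label} ({secs / 3600:.3g} hours)")
```

Pass `gpus=N` to see how linearly a cracking rig scales; the iteration count only raises the floor, it never replaces password length.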

The Russian connection

TRM Labs traced the stolen cryptocurrency through a laundering chain that pointed to Russian cybercriminal infrastructure. Funds from cracked LastPass vaults were routed through Cryptomixer.io (a mixing service), then off-ramped through Cryptex and Audia6 (Russian-linked exchanges with minimal KYC). The laundering pattern was consistent across hundreds of separate thefts, suggesting a single organized group systematically cracking vaults and draining wallets.

In March 2025, FBI court filings in the $150M XRP case confirmed the connection and identified specific wallet addresses used in the laundering chain. Federal agents seized $24 million of the stolen funds.

The UK response

In addition to the US class action, the UK's Information Commissioner's Office (ICO) fined LastPass 1.2 million GBP citing inadequate security measures. The ICO specifically called out the low iteration count on legacy accounts and the failure to force upgrades as factors that contributed to the breach impact.

Sources

  1. TRM Labs, "Tracing Stolen Crypto from 2022 LastPass Breach: On-Chain Indicators Suggest Russian Cybercriminal Involvement" (December 2025)
  2. Krebs on Security, "Feds Link $150M Cyberheist to 2022 LastPass Hacks" (March 2025)
  3. The Hacker News, "LastPass 2022 Breach Led to Years-Long Cryptocurrency Theft" (December 2025)
  4. Hive Systems, "Are Your Passwords in the Green? 2025 Password Table" (2025)
  5. CyberNews, "1Password vs Bitwarden 2026 Comparison" (2026)
  6. The Hacker News, "Study Uncovers 25 Password Recovery Attacks on Major Password Managers" (February 2026)