Russian cybercriminal networks have been linked to the laundering of more than $35 million in cryptocurrency stolen from users of password manager LastPass, according to TRM Labs.
The investigation traced the stolen assets back to the major LastPass data breach disclosed in 2022.
TRM Labs said the theft represented a prolonged and coordinated drain of compromised crypto wallets rather than a single incident.
Analysts found that funds continued to be siphoned from affected vaults as recently as late 2025.
The report concluded that the stolen cryptocurrency was routed through illicit financial infrastructure connected to Russia’s cybercrime ecosystem.
Attackers attempted to obscure transaction trails by using privacy-focused protocols and obfuscation tools.
Despite these efforts, investigators were able to track the funds as they moved to exchanges and services linked to Russia.
TRM Labs identified a consistent on-chain behavioural signature tying the thefts to a single coordinated group.
The hackers regularly converted non-Bitcoin assets into Bitcoin using instant swap services.
The Bitcoin was then routed through mixing services designed to conceal transaction histories.
Analysts used behavioural continuity analysis to unwind the mixing process.
Specific indicators such as wallet import behaviour and transaction timing enabled effective de-mixing.
The funds were ultimately traced to Russia-based exchanges.
One destination was Cryptex, an exchange sanctioned by the US Office of Foreign Assets Control.
Approximately $7 million was also linked to Audi6, another service associated with Russian cybercrime activity.
Wallet interactions showed operational ties to Russia both before and after laundering.
Researchers said the findings highlight how certain crypto platforms enable global cybercrime.
The report warned that such infrastructure continues to undermine international enforcement efforts.
At the time of reporting, the price of Bitcoin was $87,870.45.