LastPass

2022-08-08

First intrusion: attacker compromises LastPass developer's corporate laptop, exfiltrates source code and technical documentation over four days.

2022-08-25

LastPass CEO Karim Toubba publicly discloses the August breach, claiming no customer data was accessed.

2022-09-08

Second intrusion begins: attackers use stolen credentials from a senior DevOps engineer to access AWS S3 cloud storage.

2022-09-22

Second intrusion ends; attackers have exfiltrated a backup of customer vault data including encrypted seed phrases and private keys.

2022-11-30

LastPass publicly discloses the full scope of the breach, acknowledging that encrypted customer password vaults were stolen.

2023-09-15

KrebsOnSecurity publishes security researcher findings concluding that a series of six-figure crypto heists across dozens of victims resulted from cracked LastPass master passwords.

2023-10-01

ZachXBT documents approximately $4.4 million stolen from LastPass breach victims in October 2023.

2024-01-30

Ripple co-founder Chris Larsen has approximately 283 million XRP (~$150 million) stolen from wallets whose private keys were stored in LastPass.

2024-02-01

ZachXBT is first to publicly attribute the Larsen XRP theft to the LastPass breach via Telegram. ZachXBT documents a separate $6.2 million theft wave in February 2024.

2024-06-01

Law enforcement begins tracing $23.6 million of Larsen's stolen XRP across OKX, Kraken, WhiteBIT, AscendEX, FixedFloat, SwapSpace, and CoinRabbit.

2024-12-16

ZachXBT reports $5.4 million stolen from over 40 victim addresses on December 16–17; funds swapped for ETH then converted to Bitcoin via instant exchanges.

2024-12-17

ZachXBT reports a separate theft of $12.38 million from more than 100 wallet addresses (Bitcoin, Ethereum, Avalanche) within hours.

2025-03-06

US federal prosecutors in the Northern District of California seize approximately $23–24 million in cryptocurrency linked to the Larsen XRP theft. DOJ forfeiture complaint unsealed confirms LastPass breach as root cause.

2025-09-01

TRM Labs identifies a new September 2025 wave of approximately $7 million in additional thefts laundered through Wasabi Wallet to Russian exchange Audi6.

2025-11-20

UK ICO issues £1.23 million monetary penalty against LastPass UK Ltd for UK GDPR violations arising from the 2022 breach, citing inadequate technical security measures affecting 1.6 million UK users.

2025-12-01

TRM Labs publishes comprehensive on-chain investigation concluding total cryptocurrency losses attributable to the LastPass breach exceed $438 million, with laundering traced to Russian exchanges Cryptex (OFAC-sanctioned) and Audi6 via Wasabi Wallet CoinJoin.

2026-02-02

US court grants preliminary approval to $24.45 million class action settlement covering LastPass breach victims, with a $16.25 million sub-fund for cryptocurrency loss claims.