← LastPass1 decision on this page

Audit log

Every state-changing event for LastPass: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-16 03:55:57Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 420,042,425
sig
3qt8AEiL2MmA…e4RipEELexplorer ↗
hash
5X17o8zjx7uu…q8wkspnUsha256 → base58
verifying row…full verify ↗
canonical bytes (6817 B) ▸
{"actor":"system:backfill","investigation_id":"219731db-fb28-45ef-abd7-04ff7031fe90","kind":"publish","page_slug":"lastpass","published_at":"2026-05-16T03:55:57.864Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"LastPass","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"LastPass is a widely used password manager that suffered a catastrophic two-stage data breach in 2022, resulting in the theft of encrypted customer password vaults containing cryptocurrency seed phrases and private keys. Threat actors subsequently cracked these vaults offline over the following years, draining crypto wallets in waves totaling more than $438 million across hundreds of victims by late 2025. The breach has led to a £1.2 million UK ICO regulatory fine, a $24.45 million US class action settlement, US federal seizures, and on-chain attribution by TRM Labs and blockchain researcher ZachXBT to Russian cybercriminal infrastructure.","timeline":[{"date":"2022-08-08","event":"First intrusion: attacker compromises LastPass developer's corporate laptop, exfiltrates source code and technical documentation over four days.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/cryptocurrency-theft-attacks-traced-to-2022-lastpass-breach/"},{"date":"2022-08-25","event":"LastPass CEO Karim Toubba publicly discloses the August breach, claiming no customer data was accessed.","source":"","source_url":"https://blog.lastpass.com/posts/notice-of-recent-security-incident"},{"date":"2022-09-08","event":"Second intrusion begins: attackers use stolen credentials from a senior DevOps engineer to access AWS S3 cloud storage.","source":"","source_url":"https://en.wikipedia.org/wiki/2022_LastPass_data_breach"},{"date":"2022-09-22","event":"Second intrusion ends; attackers have exfiltrated a backup of customer vault data including encrypted seed phrases and private keys.","source":"","source_url":"https://en.wikipedia.org/wiki/2022_LastPass_data_breach"},{"date":"2022-11-30","event":"LastPass publicly discloses the full scope of the breach, acknowledging that encrypted customer password vaults were stolen.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/cryptocurrency-theft-attacks-traced-to-2022-lastpass-breach/"},{"date":"2023-09-15","event":"KrebsOnSecurity publishes security researcher findings concluding that a series of six-figure crypto heists across dozens of victims resulted from cracked LastPass master passwords.","source":"","source_url":"https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/"},{"date":"2023-10-01","event":"ZachXBT documents approximately $4.4 million stolen from LastPass breach victims in October 2023.","source":"","source_url":"https://www.bankinfosecurity.com/crypto-roundup-lastpass-breach-linked-to-54m-crypto-theft-a-27109"},{"date":"2024-01-30","event":"Ripple co-founder Chris Larsen has approximately 283 million XRP (~$150 million) stolen from wallets whose private keys were stored in LastPass.","source":"","source_url":"https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/"},{"date":"2024-02-01","event":"ZachXBT is first to publicly attribute the Larsen XRP theft to the LastPass breach via Telegram. ZachXBT documents a separate $6.2 million theft wave in February 2024.","source":"","source_url":"https://www.theblock.co/post/345212/ripple-co-founder-chris-larsen-losing-over-100-million-of-xrp-tied-to-lastpass-hack-says-zachxbt"},{"date":"2024-06-01","event":"Law enforcement begins tracing $23.6 million of Larsen's stolen XRP across OKX, Kraken, WhiteBIT, AscendEX, FixedFloat, SwapSpace, and CoinRabbit.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/us-seizes-23-million-in-crypto-stolen-via-password-manager-breach/"},{"date":"2024-12-16","event":"ZachXBT reports $5.4 million stolen from over 40 victim addresses on December 16–17; funds swapped for ETH then converted to Bitcoin via instant exchanges.","source":"","source_url":"https://www.theblock.co/post/331118/lastpass-threat-actor-drains-5-4-million-in-crypto-from-over-40-victim-addresses-zachxbt"},{"date":"2024-12-17","event":"ZachXBT reports a separate theft of $12.38 million from more than 100 wallet addresses (Bitcoin, Ethereum, Avalanche) within hours.","source":"","source_url":"https://bitcoinethereumnews.com/crypto/zachxbt-ties-12-38-million-crypto-drain-to-lastpass-breach-100-victimized-wallets/"},{"date":"2025-03-06","event":"US federal prosecutors in the Northern District of California seize approximately $23–24 million in cryptocurrency linked to the Larsen XRP theft. DOJ forfeiture complaint unsealed confirms LastPass breach as root cause.","source":"","source_url":"https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/"},{"date":"2025-09-01","event":"TRM Labs identifies a new September 2025 wave of approximately $7 million in additional thefts laundered through Wasabi Wallet to Russian exchange Audi6.","source":"","source_url":"https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement"},{"date":"2025-11-20","event":"UK ICO issues £1.23 million monetary penalty against LastPass UK Ltd for UK GDPR violations arising from the 2022 breach, citing inadequate technical security measures affecting 1.6 million UK users.","source":"","source_url":"https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/12/password-manager-provider-fined/"},{"date":"2025-12-01","event":"TRM Labs publishes comprehensive on-chain investigation concluding total cryptocurrency losses attributable to the LastPass breach exceed $438 million, with laundering traced to Russian exchanges Cryptex (OFAC-sanctioned) and Audi6 via Wasabi Wallet CoinJoin.","source":"","source_url":"https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement"},{"date":"2026-02-02","event":"US court grants preliminary approval to $24.45 million class action settlement covering LastPass breach victims, with a $16.25 million sub-fund for cryptocurrency loss claims.","source":"","source_url":"https://www.classaction.org/news/8.2m-lastpass-settlement-ends-class-action-lawsuit-over-2022-data-breach"}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 17759ffb-3347-4e89-9bbc-3e6f7827cc4d

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.