Theft of Millions in Crypto Traced Back to Weak Master Passwords

dominic

An Increasing Vulnerability


In recent years, password managers have generally been effective against hacking attempts. However, crypto thefts in 2022 and beyond highlight the need for users to protect themselves at every step of the process. Weak master passwords were a significant factor in enabling these criminals to access user vaults and steal millions in cryptocurrency.


The incident began when cybercriminals breached LastPass, a tool many people use to store their passwords securely. Armed with the stolen information, they managed to break into users’ crypto vaults, which were also password-protected but offline for extended periods, giving the criminals time to unlock them.


Slow-Motion Hacking


The thefts continued through 2025, with new waves of wallet drains indicating ongoing access by the criminals. LastPass only discovered that parts of its source code and proprietary technical information had been stolen shortly after the initial breach in 2022. Although the company advised users to change their master passwords, this was not enough to stop the thefts, which continued for three years.


Cybersecurity experts warn that if a user’s credentials are compromised, hackers can access all saved credentials within the password manager vault, even when encrypted, especially when those same credentials are also stored in browsing history and autofill data. This area is increasingly targeted by malware strains in the infostealer category.
