The Vault That Kept on Giving: How Stolen Wool Coats Still Warm the Wolves Three Years Later
Let me be perfectly clear from the outset. This is precisely the sort of catastrophe I have been warning about since before most of you were weaned from the bottle.
In 2022, a major password management service, one of those "convenient" modern solutions that the lambs so adore, suffered a catastrophic breach. The wolves made off with encrypted vault backups. At the time, the shepherds assured the flock that everything was fine. "The encryption is strong," they bleated. "Go back to grazing."
I said nothing was fine. Nobody listened. They never do.
The Slow Shearing Continues
Now, according to intelligence from TRM Labs, those same stolen vaults are being cracked open to this day. Late 2025, and the wolves are still dining on cryptocurrency assets extracted from lambs who thought a six-character master password containing their pet's name would suffice.
The evidence points to Russian cybercriminal actors. Of course it does. These are patient wolves, methodical wolves. They understand that weak locks yield to persistence. They are not in a hurry. They have vodka and time.
This is what happens when you trust the Sky Pasture with your most sensitive credentials. This is what happens when "convenience" supersedes discipline. In the old days, we kept our secrets on paper, locked in safes, guarded by paranoia. Now the flock stores everything in someone else's barn and acts surprised when it burns down.
The Fundamental Problem
The lambs chose weak master passwords. The wolves ran cracking operations for years. The math was always against the flock. I could have told you this in 1994. I did tell you this in 1994. I was teaching graduate seminars on key derivation functions while most of these "security experts" were still learning to tie their shoes.
Modern tools are soft. Modern users are softer.
Remediation
- If you used this service prior to 2022, assume compromise. Move all cryptocurrency assets to new wallets immediately. Not tomorrow. Now.
- Rotate every credential that was stored in that vault. Every single one. Yes, it will take hours. You should have thought of that before.
- Use master passwords of no fewer than twenty characters. Random. Not your anniversary. Not your mother's maiden name. Random.
- Enable proper two-factor authentication everywhere. Not SMS. Hardware tokens. The kind we used in the old days, before everyone decided security was too inconvenient.
- Consider whether you truly need to store seed phrases in any digital format whatsoever. Paper exists. Safes exist. Paranoia is a virtue.
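The arithmetic behind "the math was always against the flock" and the twenty-random-characters rule, as an added example that is not part of the original post or the cited report. The KDF (PBKDF2-HMAC-SHA256), the iteration count and the attacker speed-up factor are assumptions chosen for illustration; the six-letter figure is an upper bound, since a pet's name is far less random than six random letters.

```python
import hashlib
import math
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly RANDOM password (not a human-chosen one)."""
    return length * math.log2(alphabet_size)


def years_to_search(bits, guesses_per_second):
    """Expected years of offline guessing: on average half the keyspace is tried."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def generate_master_password(length=20):
    """Random master password from the OS CSPRNG; refuses lengths under 20."""
    if length < 20:
        raise ValueError("use at least 20 random characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def local_guess_rate(iterations, salt=b"constructed-salt"):
    """Guesses/second this machine manages against PBKDF2-HMAC-SHA256 (assumed KDF)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-guess", salt, iterations)
    return 1.0 / (time.perf_counter() - start)


if __name__ == "__main__":
    ITERATIONS = 100_000   # assumed value, not taken from the article
    SPEEDUP = 1_000_000    # assumed advantage of dedicated hardware over this CPU
    rate = local_guess_rate(ITERATIONS) * SPEEDUP
    cases = {
        "6 lowercase letters (pet-name style, upper bound)": entropy_bits(6, 26),
        "20 random printable characters": entropy_bits(20, len(ALPHABET)),
    }
    print(f"assumed offline rate: {rate:,.0f} guesses/s at {ITERATIONS:,} iterations")
    for label, bits in cases.items():
        print(f"{label}: {bits:.1f} bits, ~{years_to_search(bits, rate):.3g} years")
    print("example generated password:", generate_master_password())
```

A stolen vault can be guessed against offline indefinitely, so the only variable the owner controls after the theft is how large that keyspace was on the day of the breach.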
The wolves are patient. You must be more paranoid than they are patient.
Class dismissed.
Original Report: https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html