CoinsPaid Hit by Second Massive Cyberattack, Loses $7.5 Million in Crypto

Web3 security firm Cyvers reports that CoinsPaid has faced another security attack within six months, with nearly US$7.5 million in crypto assets stolen. The attack involved unauthorized transactions in Tether, Ether, USD Coin, CoinsPaid tokens, and BNB, leading to the exchange of millions of CPD tokens for ETH and transfers to external accounts. CoinsPaid, an Estonian crypto payment provider, previously experienced a major attack in July 2023, where Lazarus Group is believed to have stolen more than $37 billion using social engineering techniques.

CoinsPaid Suffers Second Major Security Attack, Losing Nearly $7.5 Million in Digital Assets

Jakarta, Indonesia - Leading Web3 security firm Cyvers has uncovered a second security breach at crypto payment gateway CoinsPaid, resulting in the theft of nearly $7.5 million worth of digital assets. Cyvers' advanced artificial intelligence (AI) system detected a series of unauthorized transactions on January 6, alerting the company to the compromise.

Unauthorized Withdrawals and Asset Conversions

Cyvers' AI identified several irregularities involving the withdrawal of $6.1 million in digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid's native token (CPD). The attackers swiftly exchanged approximately 97 million CPD tokens, valued at around $368,000, into ETH. The funds were then transferred to external accounts and various cryptocurrency exchanges, including MEXC, WhiteBit, and ChangeNOW. At the time of writing, the CPD token is trading at $0.0006, indicating a significant 39.5% decline in value over the past 24 hours.

Further Unauthorized Transactions and Total Losses

Upon further investigation, Cyvers identified additional unauthorized transactions involving Binance Coin (BNB) worth more than $1 million, bringing the total estimated loss to close to $7.5 million.

Background: CoinsPaid's Previous Attack and Lazarus Suspicion

CoinsPaid, an Estonian-based payment provider for digital assets, previously experienced a severe security attack in July 2023, resulting in the theft of over $37 billion. The company alleged that hackers employed a deceptive social engineering technique, exploiting fake job interviews to trick an employee into downloading malicious code. The compromised access allowed the attackers to steal sensitive information and gain entry into CoinsPaid's infrastructure.

In a post-mortem report, CoinsPaid attributed the attack to the North Korean state-backed Lazarus Group, notorious for its sophisticated hacking techniques. The report indicated that the group had attempted to infiltrate CoinsPaid's platform since March 2023, but after repeated failures, they shifted to "very sophisticated and powerful" social engineering methods, targeting employees rather than the company's technical systems.

The Lazarus Group has been implicated in a series of high-profile crypto hacks throughout 2023. Blockchain intelligence firm TRM Labs estimates that the group stole at least $600 million in cryptocurrency last year.

CoinsPaid Remains Silent on Latest Attack

Despite the significant financial losses and the second attack within six months, CoinsPaid has refrained from issuing an official statement regarding the latest compromise. The company's silence has raised concerns among customers and industry experts alike, who are seeking transparency and reassurance about the security of their funds.

Implications for the Crypto Industry

The repeated attacks on CoinsPaid highlight the urgent need for robust security measures within the cryptocurrency industry. As digital assets continue to gain widespread adoption, it is essential for payment gateways and exchanges to invest in advanced security protocols, employ rigorous employee training programs, and implement comprehensive risk management strategies.

The ongoing threat posed by sophisticated hacking groups like Lazarus underscores the importance of collaboration between law enforcement agencies, security researchers, and cryptocurrency companies to combat cybercrime and protect user funds.