CoinsPaid 遭受第二次大規模網路攻擊，加密貨幣損失 750 萬美元

Web3 安全公司 Cyvers 報告稱，CoinsPaid 在六個月內再次面臨安全攻擊，近 750 萬美元的加密資產被盜。這次攻擊涉及 Tether、Ether、USD Coin、CoinsPaid 代幣和 BNB 等未經授權的交易，導致數百萬 CPD 代幣兌換成 ETH 並轉移至外部帳戶。愛沙尼亞加密支付提供商 CoinsPaid 此前曾在 2023 年 7 月經歷過重大攻擊，據信 Lazarus Group 利用社會工程技術竊取了超過 370 億美元。

CoinsPaid Suffers Second Major Security Attack, Losing Nearly $7.5 Million in Digital Assets

CoinsPaid遭受第二次重大安全攻擊，損失近750萬美元的數位資產

Jakarta, Indonesia - Leading Web3 security firm Cyvers has uncovered a second security breach at crypto payment gateway CoinsPaid, resulting in the theft of nearly $7.5 million worth of digital assets. Cyvers' advanced artificial intelligence (AI) system detected a series of unauthorized transactions on January 6, alerting the company to the compromise.

印尼雅加達 - 領先的 Web3 安全公司 Cyvers 在加密支付網關 CoinsPaid 發現了第二個安全漏洞，導致價值近 750 萬美元的數位資產被盜。 Cyvers 的先進人工智慧 (AI) 系統於 1 月 6 日偵測到一系列未經授權的交易，並向該公司發出了入侵警報。

Unauthorized Withdrawals and Asset Conversions

未經授權的提款和資產轉換

Cyvers' AI identified several irregularities involving the withdrawal of $6.1 million in digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid's native token (CPD). The attackers swiftly exchanged approximately 97 million CPD tokens, valued at around $368,000, into ETH. The funds were then transferred to external accounts and various cryptocurrency exchanges, including MEXC, WhiteBit, and ChangeNOW. At the time of writing, the CPD token is trading at $0.0006, indicating a significant 39.5% decline in value over the past 24 hours.

Cyvers 的 AI 發現了數起涉及提取 610 萬美元數位資產的違規行為，其中包括 Tether (USDT)、Ether (ETH)、USD Coin (USDC) 和 CoinsPaid 的原生代幣 (CPD)。攻擊者迅速將約 9,700 萬個 CPD 代幣（價值約 368,000 美元）兌換成 ETH。然後資金被轉移到外部帳戶和各種加密貨幣交易所，包括 MEXC、WhiteBit 和 ChangeNOW。截至撰寫本文時，CPD 代幣的交易價格為 0.0006 美元，顯示過去 24 小時內價值大幅下跌 39.5%。

Further Unauthorized Transactions and Total Losses

進一步的未經授權的交易和總損失

Upon further investigation, Cyvers identified additional unauthorized transactions involving Binance Coin (BNB) worth more than $1 million, bringing the total estimated loss to close to $7.5 million.

經過進一步調查，Cyvers 發現了涉及幣安幣 (BNB) 的其他未經授權的交易，價值超過 100 萬美元，估計損失總額接近 750 萬美元。

Background: CoinsPaid's Previous Attack and Lazarus Suspicion

背景：CoinsPaid 之前的攻擊和 Lazarus 的懷疑

CoinsPaid, an Estonian-based payment provider for digital assets, previously experienced a severe security attack in July 2023, resulting in the theft of over $37 billion. The company alleged that hackers employed a deceptive social engineering technique, exploiting fake job interviews to trick an employee into downloading malicious code. The compromised access allowed the attackers to steal sensitive information and gain entry into CoinsPaid's infrastructure.

總部位於愛沙尼亞的數位資產支付提供商 CoinsPaid 此前曾於 2023 年 7 月遭遇嚴重安全攻擊，導致超過 370 億美元被盜。該公司聲稱，駭客採用了欺騙性的社會工程技術，利用虛假的工作面試來誘騙員工下載惡意程式碼。受到破壞的存取使攻擊者能夠竊取敏感資訊並進入 CoinsPaid 的基礎設施。

In a post-mortem report, CoinsPaid attributed the attack to the North Korean state-backed Lazarus Group, notorious for its sophisticated hacking techniques. The report indicated that the group had attempted to infiltrate CoinsPaid's platform since March 2023, but after repeated failures, they shifted to "very sophisticated and powerful" social engineering methods, targeting employees rather than the company's technical systems.

CoinsPaid 在事後報告中將這次攻擊歸咎於北韓國家支持的 Lazarus Group，該組織因其複雜的駭客技術而臭名昭著。報告指出，該組織自 2023 年 3 月以來一直試圖滲透 CoinsPaid 平台，但在多次失敗後，他們轉向「非常複雜且強大」的社會工程方法，針對員工而不是公司的技術系統。

The Lazarus Group has been implicated in a series of high-profile crypto hacks throughout 2023. Blockchain intelligence firm TRM Labs estimates that the group stole at least $600 million in cryptocurrency last year.

Lazarus 集團在 2023 年遭遇了一系列備受矚目的加密貨幣駭客攻擊。

CoinsPaid Remains Silent on Latest Attack

CoinsPaid 對最新攻擊保持沉默

Despite the significant financial losses and the second attack within six months, CoinsPaid has refrained from issuing an official statement regarding the latest compromise. The company's silence has raised concerns among customers and industry experts alike, who are seeking transparency and reassurance about the security of their funds.

儘管造成了巨大的經濟損失，並且在六個月內發生了第二次攻擊，CoinsPaid 仍沒有就最新的妥協發表官方聲明。該公司的沉默引起了客戶和行業專家的擔憂，他們正在尋求資金安全的透明度和保證。

Implications for the Crypto Industry

對加密產業的影響

The repeated attacks on CoinsPaid highlight the urgent need for robust security measures within the cryptocurrency industry. As digital assets continue to gain widespread adoption, it is essential for payment gateways and exchanges to invest in advanced security protocols, employ rigorous employee training programs, and implement comprehensive risk management strategies.

對 CoinsPaid 的多次攻擊凸顯了加密貨幣產業內迫切需要強有力的安全措施。隨著數位資產不斷廣泛採用，支付網關和交易所必須投資先進的安全協議、採用嚴格的員工培訓計畫並實施全面的風險管理策略。

The ongoing threat posed by sophisticated hacking groups like Lazarus underscores the importance of collaboration between law enforcement agencies, security researchers, and cryptocurrency companies to combat cybercrime and protect user funds.

Lazarus 等複雜的駭客組織所構成的持續威脅凸顯了執法機構、安全研究人員和加密貨幣公司之間合作打擊網路犯罪和保護用戶資金的重要性。