Crypto payment gateway CoinsPaid has recently encountered its second security breach within the span of six months, resulting in a compromise of nearly $7.5 million. The breach was initially identified by web3 security firm Cyvers, whose artificial intelligence system flagged multiple unauthorized transactions totaling $6.1 million in digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native token CPD.
CoinsPaid Struck Again in a $7.5M Breach
According to Cyvers’ team on X (previously Twitter), the attackers executed a strategic move, exchanging approximately 97 million CPD tokens for Ether valued at around $368,000. The ill-gotten funds were then shifted to externally owned accounts (EOAs) and deposited into prominent cryptocurrency exchanges such as MEXC, WhiteBit, and ChangeNOW.
Upon conducting further analysis, Cyvers discovered additional unauthorized transactions involving Binance Coin (BNB) exceeding $1 million. This revelation brings the cumulative amount stolen in this latest breach close to $7.5 million.
Despite the significant financial impact, CoinsPaid, a leading player in the Estonian digital asset payment processing sector, has refrained from issuing an official statement concerning the recent attack. This incident comes on the heels of another security breach in July 2023, where malicious actors pilfered over $37 million from the platform.
CoinsPaid attributed the compromise to the North Korean state-backed Lazarus Group in the earlier breach. In a detailed post-mortem report, the company revealed that the group had attempted multiple infiltrations since March 2023, adopting “highly sophisticated and vigorous social engineering techniques” after initial failures. Notably, the attackers focused on targeting employees rather than directly compromising the company’s infrastructure.
The Lazarus Group has been implicated in several cryptocurrency hacks throughout 2023, raising concerns within the industry. TRM Labs, a blockchain intelligence firm, reported that the group successfully stole at least $600 million in cryptocurrency last year.
These repeated security breaches cast doubt on the efficacy of CoinsPaid’s security infrastructure and its ability to protect the substantial volume of cryptocurrency transactions it facilitates. As the cryptocurrency sector contends with escalating cyber threats, stakeholders eagerly await CoinsPaid’s response and its strategy for bolstering security measures moving forward.
Related Reading | Honduras Embraces Bitcoin: Tax Deadline Set for 2024