Hackers Steal $37.3 Million from CoinsPaid: Lessons Learned and Steps Taken
A recent cyberattack resulted in a significant loss for CoinsPaid, as hackers stole $37.3 million from the crypto payments provider. The CEO of CoinsPaid, Max Krupyshev, shared the lessons learned and the actions taken following the attack.
Hackers Continue to Steal Cryptocurrency
Despite a reported 70% decrease in crypto hacks in Q1 2023, hackers managed to steal approximately $450 million in the first half of the year. One of the notable exploits was the social engineered hack on CoinsPaid.
The Suspected Culprits
CoinsPaid suspected that the Lazarus group, a North Korean hackers’ guild, was behind the attack. The CEO noted that previous victims of Lazarus group attacks had similar money laundering schemes.
Social Engineering Tactics
The hackers targeted CoinsPaid employees for six months, offering them high-paying jobs as part of their scheme. One employee fell victim to a fake job interview and unknowingly installed malware that provided access to the company’s infrastructure.
Compensation and Recovery
Despite the significant loss, CoinsPaid compensated its customers using company reserves. The team managed to restore operations within two days by rebuilding the entire infrastructure from scratch. The company remains profitable due to transaction processing.
The Human Element and Security Measures
CoinsPaid recognizes that people can be vulnerable to manipulation and is implementing measures to enhance security. This includes anti-hacker education and training programs for employees, revising access rights, conducting security audits, and investing in infrastructure security.
Closing Thoughts: Building Trust through Transparency
CoinsPaid aims to build trust among employees and clients by prioritizing transparency. The company plans to employ white-hat hackers to test its defenses and ensure any vulnerabilities are addressed.
By
By
By
By
By