CoinsPaid Suffers Second Security Breach
The Estonian payment processor for digital assets, CoinsPaid, has experienced its second security breach in the past six months. According to web3 security firm Cyvers, unauthorized transactions amounting to nearly $7.5 million were detected.
Cyvers’ artificial intelligence system identified multiple irregular transactions on January 6 that withdrew $6.1 million worth of digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native token CPD.
The attacker exchanged around 97 million CPD tokens valued at approximately $368,000 for ETH and then transferred the funds to externally owned accounts (EOAs) and various crypto exchanges.
Additional Unauthorized Transactions Involving BNB
Cyvers’ further analysis revealed additional unauthorized transactions involving Binance Coin (BNB) worth over $1 million. This brings the total stolen amount close to $7.5 million. Cyvers shared details about the transactions on social media, including the hacker’s address.
As of now, CoinsPaid has not provided any official updates or announcements regarding the security breach.
CoinsPaid’s History of Security Breaches
This recent incident follows a previous hack in July 2023 in which hackers stole over $37.3 million from CoinsPaid. The company believes that the attacker tricked one of its employees through a fake job interview, leading to the download of malicious code that granted unauthorized access to CoinsPaid’s infrastructure.
In both incidents, the hackers employed sophisticated social engineering techniques and targeted individual workers. They exploited vulnerabilities in CoinsPaid’s platform and gained access to its infrastructure, allowing them to withdraw funds from the company’s storage vault.
CoinsPaid suspected the involvement of the Lazarus Group, a group known for its sophisticated cyberattacks, in both hacks. The company partnered with blockchain security firm Match Systems to track the stolen funds.
Lazarus Group’s Cryptocurrency Holdings
The Lazarus Group, a North Korean hacking organization, reportedly holds over $47 million in cryptocurrency. Its holdings primarily consist of Bitcoin (BTC). Wallets linked to the Lazarus Group were found to contain approximately 1,600 Bitcoin, 10,810 Ether (ETH), and 64,490 Binance Coin (BNB).
Securing CoinsPaid’s platform and infrastructure is now a significant challenge for the company following two major security breaches within a short period. The crypto industry as a whole continues to face evolving threats and struggles to fortify the security of payment gateways.
Hot Take: CoinsPaid Faces Ongoing Security Challenges
CoinsPaid’s recent security breach highlights the persistent challenges faced by payment processors in the crypto industry. With hackers employing increasingly sophisticated techniques and targeting individual employees, companies must prioritize robust security measures and employee training to prevent unauthorized access and financial losses.
Additionally, the involvement of groups like the Lazarus Group underscores the need for collaboration between companies and blockchain security firms to track stolen funds and identify potential perpetrators. As the crypto industry continues to grow, it is crucial for businesses to stay vigilant and proactive in protecting their platforms and customers from cyber threats.