CoinsPaid Faces Second $7.5M Security Breach in Six Months

A security breach has occurred at the cryptocurrency payment gateway CoinsPaid for the second time in the past six months. The Web3 security company Cyvers stated that they discovered illegal transactions totaling roughly $7.5 million.

On January 6, the artificial intelligence system of Cyvers discovered many inappropriate transactions, which made it possible to withdraw digital assets worth a total of $6.1 million.

Cyvers held these digital assets in Tether, Ether, USD Coin, and CoinsPaid’s native token, CPD. After exchanging about 97 million CPD tokens for ETH with a value of approximately $368,000, the attacker reportedly moved the assets to externally owned accounts (EOAs) and cryptocurrency exchanges MEXC, WhiteBit, and ChangeNOW.

Cyver’s team on X, formerly known as Twitter, provided this information. There has been a 39.5% decrease in the value of CPD in the past twenty-four hours, according to the statistics provided by CoinGecko.

After further investigation, Cyver discovered unauthorized transactions involving BNB worth more than one million dollars, bringing the total amount taken to close to seven and a half million dollars. CoinsPaid is a payment processor for digital assets that is based in Estonia.

Cyvers’ system detected unauthorized transactions on CoinsPaid. Source: Cyvers Alerts

The company claims to have processed more than 19 billion euros worth of cryptocurrency transactions. Regarding the attack, the corporation has not yet issued a statement.

In July 2023, the site experienced yet another security breach, which resulted in the theft of more than $37 million. According to CoinsPaid, hackers deceived one of its employees by using a phony job interview instead of the real thing.

A job offer prompted the employee to download a malicious code, allowing the malicious actors to collect information and gain access to CoinsPaid’s infrastructure. CoinsPaid blamed the Lazarus Group, supported by the North Korean government, for the incident in a post-mortem report of the hack.

The report stated that the group had attempted to infiltrate the platform multiple times since March 2023, but after experiencing multiple failures, they shifted their focus to “highly sophisticated and vigorous social engineering techniques.”

The group targeted employees rather than the company itself. In 2023, it is thought that the Lazarus Group was responsible for multiple cryptographic attacks.

According to the blockchain intelligence company TRM Labs, the organization stole at least $600 million worth of cryptocurrency in the previous year.