CoinsPaid Hit by Second Major Cyberattack in Six Months: $7.5 Million Compromised

The cryptocurrency payment gateway CoinsPaid has encountered its second cyberattack in the last six months. According to the Web3 security firm Cyvers, unauthorized transactions amounting to approximately 7.5 million dollars were detected.

On January 6th, Cyvers’ artificial intelligence system identified a series of suspicious activities involving the withdrawal of digital assets totaling 6.1 million dollars, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s cryptocurrency – CPD.

The Cyvers team reported that the perpetrator exchanged about 97 million CPD tokens, valued at approximately 368 thousand dollars, for ETH and transferred the funds to external accounts and cryptocurrency exchanges including MEXC, WhiteBit, and ChangeNOW. According to CoinGecko data, the CPD’s value plummeted by 39.5% in the last 24 hours, reaching $0.0006.

Further analysis by Cyvers revealed unauthorized transactions with BNB exceeding 1 million dollars, bringing the total amount of stolen funds to nearly 7.5 million dollars.

CoinsPaid, an Estonian company specializing in processing cryptocurrency payments, has to date processed over 19 billion euros in cryptocurrency transactions. The company has yet to respond to this incident.

In July 2023, the platform also suffered a cyberattack, resulting in the theft of over 37 billion dollars. According to CoinsPaid, hackers used a fake job interview to deceive a company employee. The employee, supposedly responding to a job offer, downloaded malicious code, enabling the attackers to gain access to CoinsPaid’s infrastructure.

In their investigation report, CoinsPaid accused the North Korea-backed Lazarus group of the incident, noting that the group had attempted to infiltrate the platform several times since March 2023. After several failures, they shifted to employing “high-tech and active social engineering techniques,” targeting individual employees rather than the company as a whole.

Lazarus group is believed to be responsible for a series of cryptocurrency cyberattacks in 2023. According to TRM Labs, the group stole at least 600 million dollars in cryptocurrency last year.