CoinsPaid gets hacked again, more than $7m goes missing

  crypto.news 3 h

CoinsPaid, an Estonian crypto-payments service provider, fell victim to a cyberattack on Saturday, Jan. 6, resulting in the theft of roughly $7.5 million in cryptocurrency on the Binance (BNB) and Ethereum (ETH) chains.

Real-time security alerts from the Cyvers platform reported the breach via its social media account on X.

This isn’t the first time hackers have stolen money from CoinsPaid. Recall how, in July 2023, the company suffered a breach that saw $37.3 million get stolen. The company compensated customers from its reserves.

🚨UPDATE🚨After more investigation, our system has detected more unauthorized transactions on #BNB too involving @coinspaid

Hacker has got another $1M worth of digital assets 924K BSC-USD and 268.5 $BNB.
All together total loss is $7.5M

Hacker’s address:… https://t.co/877vBm0Uah pic.twitter.com/xD6tg9QznK

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 6, 2024

You might also like: North Korean crypto hackers raided $600m in 2023

It is unknown who is responsible for the hack, but the Cyvers team suspects it might be Lazarus again.

CyVers CEO Deddy Lavid provided an exclusive comment to crypto.news regarding the matter: “On January 5, 2024, at 6:13:23 PM UTC, the Coinspaid exchange suffered a significant security breach, resulting in a total loss of $7.5 million in digital assets on the BNB and ETH chains. Assets stolen included USDT, USDC, CPD on the ETH chain and BNB and BSC-USD on the BNB chain.”

The hacker allegedly swapped assets into ETH and distributed them across various externally owned accounts (EOAs) on both ETH and BNB chains.

“Additionally, some of the stolen funds were deposited into WhiteBit, MEXC, and ChangeNow exchanges,” Lavid said. “The root cause of the incident is inadequate wallet access control. Notably, the exchange had previously been alerted to potential vulnerabilities in July 2023 by Cyvers, when the Coinspaid system and Alphapo suffered a $100 million theft linked to the North Korean Lazarus group.”

Payment platform Alphapo was also a victim of a large-scale exploit that led to the loss of $23 million in various crypto assets, including Bitcoin (BTC), Tron (TRX) and Ethereum (ETH).

You might also like: Ethereum suffered highest losses due to rug pulls and hacks, data shows

CoinsPaid vs. Lazarus

In the past, CoinsPaid has suspected that North Korean hackers affiliated with the Lazarus group were responsible for attacking its system. Krupyshev explained that investigations revealed similar patterns and schemes that Lazarus prefers.

The group has been linked to many hacks over the years. Over the past six years, the entity reportedly stole around $3 billion worth of cryptocurrency. In 2023, it stole $600 million in digital assets.

A month after the hack, CoinsPaid stated in a blog post that the North Korean hackers socially engineered their way to get access to the company’s internal computers.

The group had been targeting the firm’s employees for six months with high-paying jobs — some were offered between $16,000 and $24,000 per month.

In July, one of the CoinsPaid employees was approached by fake HR recruiters and offered an opportunity to take part in an interview for a new job, the CEO claimed.

The “interviewer” sent a link to install corporate communications software similar to Zoom. When the employee downloaded the software, it turned out to be a remote PC administration and management tool.

The employee then realized the job offer was used as a smokescreen that jeopardized CoinsPaid, and reported the hack.

Source