CoinsPaid gets hacked again, more than $7m goes missing
CoinsPaid, an Estonian crypto-payments service provider, fell victim to a cyberattack on Friday, Jan. 5, resulting in the theft of roughly $7.5 million in cryptocurrency on the Binance (BNB) and Ethereum (ETH) chains.
Cyvers, a real-time security alerts platform, reported the breach via its social media account on X.
This isn’t the first time hackers have stolen money from CoinsPaid. In July 2023, the company suffered a breach in which $37.3 million was stolen. The company compensated customers from its reserves.
It is unknown who is responsible for the Jan. 5 hack, but the Cyvers team suspects it might be the Lazarus group.
Cyvers CEO Deddy Lavid provided an exclusive comment to crypto.news regarding the matter: “On January 5, 2024, at 6:13:23 PM UTC, the Coinspaid exchange suffered a significant security breach, resulting in a total loss of $7.5 million in digital assets on the BNB and ETH chains. Assets stolen included USDT, USDC, CPD on the ETH chain and BNB and BSC-USD on the BNB chain.”
The hacker allegedly swapped assets into ETH and distributed them across various externally owned accounts (EOAs) on both ETH and BNB chains.
“Additionally, some of the stolen funds were deposited into WhiteBit, MEXC, and ChangeNow exchanges,” Lavid said. “The root cause of the incident is inadequate wallet access control. Notably, the exchange had previously been alerted to potential vulnerabilities in July 2023 by Cyvers, when the Coinspaid system and Alphapo suffered a $100 million theft linked to the North Korean Lazarus group.”
WhiteBIT has acknowledged the recent attempts to deposit funds linked to the Coinspaid incident into their platform. Emphasizing their commitment to security and adherence to Anti-Money Laundering (AML) standards, WhiteBIT has taken decisive action by freezing these funds. The company is currently undertaking necessary procedures to address the situation.
Payment platform Alphapo was also a victim of a large-scale exploit that led to the loss of $23 million in various crypto assets, including Bitcoin (BTC), Tron (TRX) and Ethereum (ETH).
CoinsPaid vs. Lazarus
In the past, CoinsPaid has suspected that North Korean hackers affiliated with the Lazarus group were responsible for attacking its system. Krupyshev explained that investigations revealed similar patterns and schemes that Lazarus prefers.
The group has been linked to many hacks over the years. Over the past six years, the entity reportedly stole around $3 billion worth of cryptocurrency. In 2023, it stole $600 million in digital assets.
A month after the hack, CoinsPaid stated in a blog post that the North Korean hackers socially engineered their way into the company’s internal computers.
The group had been targeting the firm’s employees for six months with high-paying job offers — some were offered between $16,000 and $24,000 per month.
In July, one of the CoinsPaid employees was approached by fake HR recruiters and offered an opportunity to take part in an interview for a new job, the CEO claimed.
The “interviewer” sent a link to install corporate communications software similar to Zoom. When the employee downloaded the software, it turned out to be a remote PC administration and management tool.
The employee then realized the job offer was used as a smokescreen that jeopardized CoinsPaid, and reported the hack.