Hackers have stolen $37.3 million from CoinsPaid, leading to a significant loss for the company. Its CEO shared with crypto.news the lessons learned and the steps taken following the cyberattack.

While a report in May revealed that crypto hacks have decreased by around 70% in the first quarter of 2023, a follow-up study in July unveiled that hackers have stolen roughly $450 million in the first half of the year.

Among the top exploits is the social engineered CoinsPaid hack. The Ukrainian crypto payments provider, based in Estonia, suffered a reportedly $37.3 million attack on July 26.

The company suspected the North Korean hackers’ guild, known as the Lazarus group.

“The reason we suspected them [Lazarus Group] is that everyone who came under Lazarus Group’s attacks had very similar, if not identical money laundering schemes, using bridges and mixers.”

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

The CEO added that investigations revealed a similar pattern in the CoinsPaid hack. The Lazarus group has been linked to several hacks over the past months — the total stolen assets are reportedly more than $270 million.

A month after the hack, CoinsPaid stated in a blog post that the North Korean hackers socially engineered their way to get access to the company’s internal computers. The group had been targeting the firm’s employees for six months with high-paying jobs — some were offered between $16,000 and $24,000 per month.

The report revealed the hackers could not breach CoinsPaid’s systems directly despite trying different types of attacks, including a distributed denial of service (DDoS) attack.

“It bears mentioning that before targeting CoinsPaid employees the hackers attempted to attack our system directly. Using public endpoints as the avenue of attack, they tried to brute force their way in and gain access. That idea failed, however, so they decided to seek out another angle and turned to social engineering.”

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

In July, one of the CoinsPaid employees was approached by fake HR recruiters and offered an opportunity to take part in an interview for a new job, the CEO claimed. The supposed interviewer sent a link to install corporate communications software similar to Zoom. However, when the employee downloaded the software, per Krupyshev, it turned out to be a remote PC administration and management tool.

“So at that stage, it was not even malware installed directly into our system. That person just ended up giving the hackers access to our infrastructure through their computers. The malware was uploaded by the hackers themselves at a later point in time.”

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

Once the employee understood that the job offer was used as a smokescreen that resulted in CoinsPaid’s hack, “they came forward with the information themselves, revealing everything that they knew.”

The CEO added that the company has appreciated the employee’s loyalty, and the employee is still working in the company. He said:

“This case also showed that our company has a good corporate culture. The environment that we created in our team over the years was encouraging enough that the employee in question was not afraid to come forward and admit their mistakes before company management.”

Compensation and constipation

While the hackers stole a whopping $37.3 million from CoinsPaid, Krupyshev says that the company compensated the customers from the company’s reserves. He claimed the clients didn’t lose any money in the process. 

The CoinsPaid CEO did not disclose any information regarding the investigation process “as it would interfere with the investigation.”

The hack resulted in a significant loss from CoinsPaid’s profit, Krupyshev added. He told crypto.news that the team managed to restore everything back to normal within two days after the hack despite rebuilding the “whole infrastructure from the ground up” — claiming the withdrawals and deposits are fully operational at the moment. 

Krupyshev added that CoinsPaid has been surviving well in the middle of the bear storm as the company is making a profit from the processed transactions.

“As far as the current trend goes, it bears saying that the number of transactions we process and our turnovers kept growing several times in the bear market.”

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

The priceless lesson

Krupyshev stated the base infrastructure of CoinsPaid has been working “flawlessly” and called it solid. He pointed out that “man was the weakest link in the system.” 

“We are of the mind that exploiting real people is a trend that will continue to be present in the market and, in fact, only grow further. Due to the development of social networks and AI, businesses are now more vulnerable than ever to the kind of manipulation that targets individuals rather than systems.” 

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

He added that “human nature” could leave openings that could potentially be exploited, and “rash actions can often lead to losses, like what we saw this time.”

The CEO pointed out a new training program, and employees must be prepared to deal with such situations.

“The attack served as a reminder that there is no upper limit to strive for when it comes to security. This is why CoinsPaid is taking steps to deepen our anti-hacker education and training.” 

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

Moreover, Krupyshev said the specific measures that CoinsPaid plans to implement are revising access rights, security audits, changing operational processes and investments to bolster the infrastructure’s security.

These measures are necessary, per Krupyshev, to limit the company’s exposure to risk in the event of another attack that involves social engineering. 

“Now that we’ve rebuilt our systems from scratch, CoinsPaid will be employing the services of white-hat hackers to test our defenses further and patch up any possible holes.”

Max Krupyshev, co-founder and CEO of CoinsPaid, told crypto.news.

He also noted the importance of transparency to build trust among employees and clients in case a similar situation happens.