Crypto gateway CoinsPaid hacked for over $7.5M — Cyvers

January 8, 2024

CoinsPaid has experienced its second security breach in six months, according to Web3 security firm Cyvers.

Crypto payment gateway CoinsPaid has experienced its second security breach in six months. Web3 security firm Cyvers reported detecting unauthorized transactions of nearly $7.5 million.

Cyvers’ artificial intelligence system detected multiple irregular transactions on Jan. 6, allowing the withdrawal of $6.1 million worth of digital assets in Tether, Ether, USD Coin and CoinsPaid’s native token CPD.

According to Cyver’s team on X (formerly Twitter), the attacker swapped around 97 million CPD tokens for ETH worth approximately $368,000 before moving the funds to externally owned accounts (EOAs) and crypto exchanges MEXC, WhiteBit and ChangeNOW. CoinGecko’s data shows CPD trading at $0.0006 at the time of writing, down 39.5% in 24 hours.

Following further analysis, Cyver identified unauthorized transactions involving BNB worth more than $1 million, bringing the total amount stolen close to $7.5 million.

CoinsPaid is an Estonian payment processor for digital assets and claims to have processed over 19 billion euros in crypto transactions. The company has not yet commented on the attack.

The platform suffered another security breach in July 2023, with over $37 million stolen. According to CoinsPaid, hackers used a fake job interview to trick one of its employees. The worker allegedly responded to a job offer and downloaded a malicious code, allowing the bad actors to steal information and provide them with access to CoinsPaid’s infrastructure.

In a post-mortem report of the hack, CoinsPaid blamed the North Korean state-backed Lazarus Group for the incident, noting that the group had attempted to infiltrate the platform several times since March 2023 but switched to “highly sophisticated and vigorous social engineering techniques” after multiple failures — targeting employees rather than the company itself.

The Lazarus Group is believed to be behind several crypto hacks in 2023. Blockchain intelligence firm TRM Labs reported the group stole at least $600 million in crypto last year.

Source: cointelegraph.com

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

RELATED ARTICLESMORE FROM AUTHOR

El Salvador Bitcoin Holdings Reach $349M, Bhutan Still Ahead

Ethereum In 2021 Vs. 2024: Fractal Suggests Major Breakout In Q4

BREAKING: Fed Cuts Rates—Bitcoin And Markets React With A Bang

RELATED ARTICLES MORE FROM AUTHOR