CoinsPaid, an Estonian provider of cryptocurrency payment services, was the target of a cyberattack that led to the theft of about $7.5 million in cryptocurrency on the Ethereum (ETH) and Binance (BNB) chains.
The hack was flagged by the Cyvers platform's real-time security notifications on X. This is not the first time hackers have stolen money from CoinsPaid: the business experienced a breach in July 2023 that resulted in the theft of $37.3 million. The company used its reserves to pay customers.
Although the perpetrator of the January 5th hack is still unknown, the Cyvers team believes the Lazarus group may be involved. Deddy Lavid, CEO of Cyvers, gave an exclusive statement on the subject:
“On January 5, 2024, at 6:13:23 PM UTC, the Coinspaid exchange suffered a significant security breach, resulting in a total loss of $7.5 million in digital assets on the BNB and ETH chains. Assets stolen included USDT, USDC, CPD on the ETH chain and BNB and BSC-USD on the BNB chain.”
Allegedly, the hacker converted the funds into ETH and dispersed them across multiple externally owned accounts (EOAs) on the BNB and ETH chains.
“Additionally, some of the stolen funds were deposited into WhiteBit, MEXC, and ChangeNow exchanges,” Lavid said.
“The root cause of the incident is inadequate wallet access control. Notably, the exchange had previously been alerted to potential vulnerabilities in July 2023 by Cyvers, when the Coinspaid system and Alphapo suffered a $100 million theft linked to the North Korean Lazarus group.”
Another major vulnerability, which affected the payment site Alphapo, cost $23 million in cryptocurrency assets, including Ethereum (ETH), Tron (TRX), and Bitcoin (BTC).
CoinsPaid vs. Lazarus
CoinsPaid has previously assumed that attacks on its systems were carried out by North Korean hackers connected to the Lazarus group. According to Krupyshev, the investigation uncovered patterns and strategies comparable to those Lazarus favors.
Over the years, the group has been connected to numerous hacks. It reportedly stole almost $3 billion worth of cryptocurrencies over the previous six years, including digital assets worth $600 million in 2023.
In a blog post published a month after the incident, CoinsPaid revealed that the North Korean hackers used social engineering to gain access to the company's internal computers.
For six months, the group pursued high-paying positions within the company; some were given between $16,000 and $24,000 a month. According to the CEO, one of the CoinsPaid staff members was contacted in July by fictitious HR recruiters who wanted to set up an interview for a new position.
The "interviewer" sent a link to download Zoom-like corporate communications software. The software the employee downloaded was in fact a remote PC administration and management solution. The employee reported the hack after realizing that the employment offer was being used as a smokescreen and that CoinsPaid was in danger.