CoinsPaid, a cryptocurrency payment gateway, has suffered its second security compromise in six months. Cyvers, a Web3 security firm, disclosed that it had detected unauthorized transactions worth approximately $7.5 million.
On January 6, the artificial intelligence system of Cyvers identified several anomalous transactions, which authorized the withdrawal of digital assets valued at $6.1 million in Tether, Ether, USD Coin, and CoinsPaid’s native token CPD.
Cyvers’ team reports on X (formerly Twitter) that the assailant exchanged an estimated $368,000 worth of ETH for 97 million CPD tokens before transferring the funds to externally owned accounts (EOAs) and the cryptocurrency exchanges MEXC, ChangeNOW, and WhiteBit. As of this writing, CoinGecko data indicates that CPD is trading at $0.0006, a decrease of 39.5% in twenty-four hours.
Upon additional examination, Cyvers detected unauthorized transactions involving BNB that exceeded $1 million in value, bringing the total misappropriated funds to approximately $7.5 million.
CoinsPaid, an Estonian digital asset payment processor, asserts that it has processed more than 19 billion euros worth of cryptocurrency transactions. The organization has yet to provide a statement regarding the attack.
Another security compromise occurred on the platform in July 2023, resulting in the theft of more than $37 million. According to CoinsPaid, a fraudster deceived one of its employees with a bogus job interview.
The employee purportedly accepted a job offer and in doing so downloaded malicious code, granting unauthorized individuals access to CoinsPaid’s infrastructure and facilitating the theft of sensitive data.
In a post-mortem report, CoinsPaid attributed the breach to the Lazarus Group, which is backed by the North Korean government. The report noted that the group had made multiple failed attempts to breach the platform since March 2023.
Still, after each failure, they resorted to “extremely sophisticated and vigorous social engineering techniques” aimed at employees rather than the organization as a whole.
The Lazarus Group is suspected of orchestrating multiple crypto breaches in 2023. According to the blockchain intelligence firm TRM Labs, the group seized at least $600 million in cryptocurrencies last year.