CoinsPaid Loses $7.5M Following Second Cyberattack in Six Months
Crypto payment gateway CoinsPaid has undergone its second cyber security breach in the past six months. Web3 firm Cyvers briefed detection of unauthorized transactions of nearly $7.5 million.
Cyvers’ artificial intelligence system detected numerous erratic transactions on Jan. 6, authorizing the withdrawal of $6.1 million worth of digital assets in Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native token CPD.
How CoinsPaid Lost Funds
According to Cyver’s team on X (previously known as Twitter), the hackers exchanged around 97 million CPD tokens worth roughly $368,000 for ETH, then rolled over the funds to externally owned accounts (EOAs) and crypto exchanges MEXC, WhiteBit, and ChangeNOW.
According to CoinGecko’s data trading report, it shows CPD is trading at $0.0006 at the time of writing, down 39.5% in a 24-hour trend. Furthermore, following additional analysis, Cyver singled out several unauthorized transactions involving BNB.
Additionally, BNB worth more than $1 million, summing the total amount stolen close to $7.5 million via a different crypto processor.
CoinsPaid is an Estonian payment processor for digital assets and asserted to have processed over 19 billion euros in crypto transactions. The firm has yet to comment on the attack.
Repeated Exploit Due To Loopholes?
Previously in July 2023, the platform suffered another security breach which resulted in more than $37 billion stolen. According to CoinsPaid, the threat actors used a fake job interview to trick one of its employees. The employee allegedly responded to a job offer and downloaded a malicious code, unknowingly authorizing the hackers to steal data and provide them with access to CoinsPaid’s infrastructure.
Furthermore, CoinsPaid blamed the North Korean state-backed Lazarus Group for the incident, referencing that the group had made an effort to infiltrate the platform several times since March 2023 but inverted to highly sophisticated and vigorous social engineering techniques after multiple failures – targeting employees rather than the firm itself.
The Blockchain intelligence firm TRM Labs reported the group stole at least $600 million in crypto last year.