Estonian digital asset payment processor CoinsPaid has experienced a second security breach in the last six months, resulting in unauthorized transactions totaling nearly $7.5 million, as reported by web3 security firm Cyvers.
On January 6, at 1:26 pm GMT, Cyvers’ AI system detected irregular transactions leading to the withdrawal of $6.1 million in digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native token CPD. The attacker reportedly exchanged around 97 million CPD tokens, valued at about $368,000, for ETH and subsequently transferred the funds to externally owned accounts (EOAs) and various crypto exchanges, such as MEXC, WhiteBit, and ChangeNOW.
Further investigation by Cyvers uncovered additional unauthorized transactions involving Binance Coin (BNB) worth over $1 million, bringing the total stolen amount close to $7.5 million. Cyvers shared transaction details, including the hacker’s address, on social media.
As of now, CoinsPaid has not provided official updates on the security breach.
This recent incident follows a hack in July 2023, in which hackers stole over $37.3 million. In that earlier case, attackers deceived an employee through a fake job interview, leading to the download of malicious code that granted unauthorized access to CoinsPaid’s infrastructure.
In both the recent and July incidents, the tactics mirrored those associated with the Lazarus Group, a sophisticated North Korean hacking organization. The company suspected the group’s involvement in the July hack and filed a report with Estonian law enforcement. Blockchain security firms, including Chainalysis, Match Systems, and Crystal, aided CoinsPaid’s preliminary investigation.
Despite these security challenges, the Lazarus Group reportedly holds cryptocurrency worth more than $47 million, primarily in Bitcoin (BTC), Ether (ETH), and Binance Coin (BNB). The crypto industry faces ongoing security challenges, emphasizing the need for robust measures to secure payment gateways.
