CoinsPaid Suffers a $7.5 Million Cryptocurrency Hack


Cryptocurrency payment gateway CoinsPaid has experienced its second security breach in a six-month period.

Cyvers, a Web3 security company, reported the discovery of unauthorized transactions. Specifically, on January 6, 2024, Cyvers’ AI system identified several irregular transactions, resulting in the withdrawal of $6.1 million in digital assets, including Tether, Ether, USD Coin, and CoinsPaid’s native token CPD. The attacker exchanged approximately 97 million CPD tokens for ETH, worth approximately $368,000, and then transferred the funds to externally owned accounts (EOAs) and cryptocurrency exchanges MEXC, WhiteBit, and ChangeNOW. CoinGecko data reveals a 39.5% drop in CPD value to $0.0006 at the time of writing.

Additional investigations by Cyvers revealed unauthorized transactions involving BNB, amounting to more than $1 million USD and bringing the total theft to close to $7.5 million USD. CoinsPaid, an Estonian payment processor for digital assets, says it has facilitated more than €19 billion in cryptocurrency transactions, according to Cointelegraph.com. However, the company did not issue any official statements regarding the latest attack.

CoinsPaid’s previous clashes with hackers

This incident comes on the heels of a security breach in July 2023, in which over $37 million USD was stolen from CoinsPaid. The company attributed the hack to the North Korean state-backed Lazarus Group, claiming that the group, after several failed attempts to infiltrate the platform since March 2023, resorted to advanced social engineering techniques. In the previous attack, hackers used a fake job interview to trick an employee, who unwittingly downloaded malicious code, granting unauthorized access to CoinsPaid’s infrastructure.

The Lazarus Group has been linked to several cryptocurrency hacks in 2023, with TRM Labs reporting it was involved in the theft of at least $600 million in cryptocurrencies during that year. TRM Labs revealed that entities linked to the Democratic People’s Republic of Korea (DPRK) were responsible for approximately 33% of all cryptocurrencies stolen through cyber breaches in 2023.

According to a recent report, DPRK-affiliated hackers have stolen an estimated US$3 billion worth of cryptocurrencies since 2017, indicating a notable escalation in attacks related to digital assets over the past year. TRM Labs also noted that the tactics the DPRK uses to launder money have continued to evolve as it adapts to evade international law enforcement pressure. The research pointed to a recurring pattern in which hackers compromised users’ private keys or seed phrases, transferred the stolen funds to North Korean-controlled wallets, and then exchanged the assets for Tether or Tron.
