Key takeaways:
- CoinsPaid, a cryptocurrency payment gateway, suffered its second security incident in as many months.
- The attacker exchanged almost 97 million CPD tokens for ETH worth about $368,000, according to Cyver’s team on X.
CoinsPaid, a cryptocurrency payment gateway, suffered its second security incident in as many months. The Web3 security company Cyvers claimed to have found around $7.5 million in illicit transactions.
On January 6, the artificial intelligence system of Cyvers discovered several anomalous transactions, which made it possible to withdraw digital assets valued at $6.1 million from Tether, Ether, USD Coin, and CoinsPaid’s native token, CPD.
The attacker exchanged almost 97 million CPD tokens for ETH worth about $368,000, according to Cyver’s team on X (formerly Twitter). The monies were then transferred to externally owned accounts (EOAs) and cryptocurrency exchanges MEXC, WhiteBit, and ChangeNOW.
Cyver discovered unauthorized transactions involving BNB worth more than $1 million after doing additional analysis, bringing the total amount taken to about $7.5 million.
Over 19 billion euros worth of cryptocurrency transactions have reportedly been completed by CoinsPaid, an Estonian payment processor for digital assets. The business hasn’t yet responded to the attack.
On the same day, the CoinsPaid team declared that they were aware of the situation, had frozen the cash, and had begun the necessary investigation. The team mentioned:
“Security and compliance with AML standards is one of WhiteBIT’s main priorities. Therefore, we have frozen the funds in question and are conducting the relevant procedures.”
In July 2023, there was another security breach on the site, resulting in the theft of almost $37 million. As per CoinsPaid, a phony job interview was utilized by hackers to deceive one of their staff members. The employee is said to have downloaded malicious code in response to a job offer, which gave the bad guys access to CoinsPaid’s infrastructure and enabled them to steal data.
In a post-mortem report on the hack, CoinsPaid attributed the incident to the Lazarus Group, which is supported by the North Korean state. The report stated that the group had made multiple attempts to infiltrate the platform since March 2023, but after several failures, they shifted to using “highly sophisticated and vigorous social engineering techniques” to target employees instead of the company.
Numerous cryptocurrency hacks in 2023 are thought to have been carried out by the Lazarus Group. According to blockchain intelligence company TRM Labs, the organization pilfered cryptocurrency worth at least $600 million in 2018.
