CoinsPaid, a crypto payment gateway, has suffered a security breach, its second within a six-month period. Cyvers, a Web3 security company, identified unauthorized transactions amounting to approximately $7.5 million. Its artificial intelligence system flagged several illicit transactions on January 6 through which funds totaling $6.1 million were withdrawn, including Tether, Ethereum, USDC, and CPD, the native token of CoinsPaid.
Cyvers found the unauthorized transactions on platforms such as WhiteBit and ChangeNOW. Notably, CoinsPaid's native token CPD saw a decline of 39.5% in the last 24 hours, trading at $0.0006 according to CoinGecko. Further scrutiny by Cyvers revealed additional unauthorized transactions involving BNB valued at over $1 million, bringing the total amount stolen to nearly $7.5 million.
CoinsPaid is an Estonian digital asset payments processor and has reportedly processed over €19 billion in cryptocurrency transactions. The company has so far refrained from commenting on the attack. This incident follows a previous security breach in July 2023, which resulted in losses exceeding $37 million. In that instance, hackers used a fake job interview to deceive one of CoinsPaid's employees. The individual unwittingly downloaded malicious code, granting the hackers access to the platform's infrastructure.
In a detailed assessment of the hack, CoinsPaid attributed the incident to the North Korean state-backed Lazarus group. They noted that the group had made multiple attempts to breach the platform since March 2023. However, when these attempts failed, the group employed highly advanced social engineering techniques targeting employees instead of directly attacking the company itself. The Lazarus Group has been linked to various cryptocurrency hacks in 2023, with estimates by blockchain intelligence firm TRM Labs suggesting they stole at least $600 million in cryptocurrency during that period.

















