CoinsPaid Suffers Second Major Security Breach in Six Months with $7.5M Crypto Theft
Summary:
CoinsPaid experienced its second security breach in six months, with unauthorized transactions of nearly $7.5 million detected by Web3 security firm Cyvers. The illicit transfers involved various digital currencies, including Tether, Ether, USD Coin, and CoinsPaid's CPD token. This follows another hack in July 2023, which saw over $37 billion stolen. The company blamed the North Korean-backed Lazarus Group, known to have stolen at least $600 million in crypto last year. CoinsPaid has yet to comment on the matter.
CoinsPaid, a crypto payment platform, has once again fallen victim to a security lapse, its second in only half a year. Web3 security specialist Cyvers made public its findings of unauthorized transfers nearing $7.5 million. The artificial intelligence of Cyvers flagged numerous unusual operations on January 6, amounting to a withdrawal of $6.1 million in virtual currencies like Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid's own CPD token. X (previously known as Twitter), on behalf of the Cyver's squad, relayed that the perpetrator exchanged around 97 million CPD tokens, equivalent to roughly $368,000, to ETH, before transferring the assets to external accounts and digital currency platforms such as MEXC, WhiteBit, and ChangeNOW. At the moment, CPD is exchanging at $0.0006, demonstrating a drop of 39.5% within a day, according to data from CoinGecko. Subsequent investigations by Cyver unearthed illegitimate transactions involving over $1 million in BNB (BNB), pushing the total pilfered amount to nearly $7.5 million. CoinsPaid, an Estonian digital asset payment processor, responsible for processing more than 19 billion euros in cryptocurrency transactions, has yet to comment on the issue. Another security violation happened on this platform in July 2023, leading to a loss exceeding $37 billion. Hackers reportedly fooled an employee of CoinsPaid through a sham job interview. The employee responded to a job proposition and unintentionally installed a harmful program that let the culprits access CoinsPaid's infrastructure and steal valuable data. The Lazarus Group, supported by North Korea, was implicated by CoinsPaid in a post-incident report of the hack, stating that the group had tried several violations since March 2023 before resorting to advanced social engineering tactics. This shifted their focus from targeting the company to its staff. This group is suspected to have orchestrated multiple digital currency hacks in 2023. TRM Labs, a blockchain intelligence company, reported that the Lazarus Group had stolen a minimum of $600 million in crypto assets last year. Magazine: Unraveling DeFi’s billion-dollar enigma: The shadow actors behind crypto heists.
Published At
1/8/2024 12:46:28 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.