CoinsPaid, a payment processing solution facilitating transactions between traditional finance companies and crypto-paying customers, faces its second significant security breach in six months.
Having processed over 19 billion euros in crypto transactions and facilitating a million transactions monthly worth around 7 million EUR, CoinsPaid encountered its initial setback on July 22. The first breach, resulting in a $37.3 million loss, prompted a four-day operational halt for investigation, with support from Binance, Chainalysis, and others.
Initial Breach Attributed to Lazarus Group
The investigation identified North Korea's notorious Lazarus Group as the culprit. During a deceptive job interview, an employee unwittingly downloaded malicious code, which enabled the attackers to submit authorized withdrawal requests to the hot wallets without breaching the wallets themselves.
The convoluted breach followed months of attempts to bypass traditional security measures.
"Internal security measures triggered the alarm system, allowing us to swiftly halt malicious activity and expel hackers from the company’s perimeter."
🚨UPDATE🚨 After more investigation, our system has detected more unauthorized transactions on #BNB too involving @coinspaid
Hacker has got another $1M worth of digital assets 924K BSC-USD and 268.5 $BNB.
All together total loss is $7.5M
Hacker's address:… https://t.co/877vBm0Uah pic.twitter.com/xD6tg9QznK
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 6, 2024
Despite these measures, the platform faces a renewed threat, and it remains uncertain whether Lazarus is responsible.
Cyvers Alerts on Unauthorized Access
Blockchain cybersecurity firm Cyvers recently flagged unauthorized transactions involving USDT, USDC, ETH, BNB, and CPD, CoinsPaid's token. Approximately $7.5 million was siphoned to an external wallet, and the funds were then redirected to exchanges like ChangeNOW and WhiteBit.
While the attack echoes July's pattern, it raises questions about the adequacy of CoinsPaid's efforts to purge the attackers, a shortfall possibly due to human oversight. Though the recent attack is less extensive than the previous one, the stolen amount aligns with CoinsPaid's monthly processing claims. As of now, the platform has not issued an official statement on the matter.