CoinsPaid hacked again, more than $7 million missing

CoinsPaid hacked again, more than $7 million missing

[ad_1]

Estonian crypto payment service provider CoinsPaid suffered a cyber attack on Friday, January 5, resulting in the theft of approximately $7.5 million in cryptocurrency on the Binance (BNB) and Ethereum (ETH) chains.

The Cyvers platform’s real-time security alert reported the breach via its social media accounts on X.

This is not the first time hackers have stolen funds from CoinsPaid. Recall how in July 2023, the company suffered a data breach that resulted in the theft of $37.3 million. The company used its reserves to compensate customers.

It is unclear who is responsible for the hack, but the Cyvers team suspects it may be the Lazarus group.

CyVers CEO Deddy Lavid provided exclusive comments to crypto.news on the matter: “On January 5, 2024, at 6:13:23 PM UTC, the Coinspaid exchange suffered a major security breach, resulting in a total loss of $7.5 million. . Digital assets on the BNB and ETH chains. The stolen assets include USDT, USDC, CPD on the ETH chain, and BNB and BSC-USD on the BNB chain.”

The hackers allegedly exchanged the assets for ETH and allocated them to various externally owned accounts (EOA) on the ETH and BNB chains.

“In addition, some of the stolen funds were deposited into WhiteBit, MEXC and ChangeNow exchanges,” Ravid said. “The root cause of the incident was inadequate wallet access controls. It is worth noting that the exchange was previously alerted to a potential vulnerability by Cyvers in July 2023, when Coinspaid Systems and Alphapo suffered a breach linked to the North Korean Lazarus group. Billion dollar theft.”

Payments platform Alphapo was also the victim of a massive exploit that resulted in the loss of $23 million across various crypto assets, including Bitcoin (BTC), Tron (TRX), and Ethereum (ETH).

CoinsPaid and Lazarus

In the past, CoinsPaid has Suspect North Korean hackers affiliated with the Lazarus group were responsible for attacking its systems. Krupishev explained that the investigation revealed similar patterns and plans favored by Lazarus.

The group has been linked to numerous hacking campaigns over the years.Over the past six years, the entity It is said Approximately $3 billion worth of cryptocurrency was stolen. In 2023, it stole $600 million in digital assets.

A month after the hack, CoinsPaid said in a statement blog post North Korean hackers used social engineering to gain access to a company’s internal computers.

For six months, the organization has been providing high-paying jobs to the company’s employees – some of which pay between $16,000 and $24,000 a month.

The CEO claims that in July, a CoinsPaid employee was approached by a fake human resources recruiter and offered an interview for a new job.

The “interviewer” sent a link to install corporate communications software similar to Zoom. When employees downloaded the software, they discovered it was a remote PC management tool.

The employee then realized the job offer was being used as a smokescreen to compromise CoinsPaid and reported the hack.


Follow us on Google News

ad min

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *