Crypto payment gateway CoinsPaid has faced its second security breach in half a year. Cyvers, a Web3 security firm, revealed detecting unauthorized transactions totaling almost $7.5 million.
On January 6, Cyvers’ AI system flagged multiple suspicious transactions that facilitated the withdrawal of $6.1 million. The withdrawals were done via Tether (USDT), Ether (ETH), USD Coin (USDC), and CPD (CoinsPaid’s native token).
The hacker(s) converted roughly 97 million CPD tokens, valued at $368,000, to Ethereum. They then transferred these funds to various accounts and three crypto platforms MEXC, WhiteBit, and ChangeNOW.
In response, WhiteBIT has already taken swift action to address the situation. In a statement posted on X (Twitter), the company declared, “We are aware of attempts to deposit funds stolen in the Coinspaid incident to WhiteBIT [ . . . ]. Therefore, we have frozen the funds in question.”
The price of one CPD token was $0.0006 when this information went public. This means that the token had depreciated by 39.5% in a day.
Cyver conducted further investigations and discovered more unauthorized transactions involving BNB. The total amount of the transactions done on Binance was in excess of $1 million.
In the current attack, hackers tricked a jobseeker using a fake job interview. The job seeker responded to the job offer and downloaded a malicious code, granting the hackers access to CoinsPaid’s infrastructure.
CoinsPaid’s preliminary report noted that Lazarus Group (a North Korean state-backed organization) is behind the hack. After unsuccessfully attempting to hack CoinsPaid since March 2023, the hackers shifted to more sophisticated techniques targeting employees.
The Lazarus Group was implicated in multiple crypto hacks last year. TRM Labs revealed that they lost approximately $600 million in crypto last year to this hacker group.
While this information is already in the public domain, CoinsPaid has yet to make an official comment on this recent breach. In the meantime, many countries are striving to implement effective measures to regulate digital currency, particularly cryptocurrency.