Connect with us

Hi, what are you looking for?

Income Innovator HubIncome Innovator Hub

Editor's Pick

CoinsPaid Faces Second Security Breach in Six Months, Unauthorized Transactions Totaling $7.5 Million Detected

Source: AdobeStock / Sergey Nivens

The Estonian payment processor for digital assets, CoinsPaid, has suffered its second security breach in the last six months, with unauthorized transactions totaling almost $7.5 million,  web3 security firm Cyvers reported.

Cyvers’ artificial intelligence system identified multiple irregular transactions at 1:26 pm GMT on January 6, resulting in the withdrawal of $6.1 million worth of digital assets, including Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native token CPD.

The attacker reportedly swapped around 97 million CPD tokens, valued at approximately $368,000, for ETH and subsequently transferred the funds to externally owned accounts (EOAs) and various crypto exchanges, including MEXC, WhiteBit, and ChangeNOW.

UPDATEAfter more investigation, our system has detected more unauthorized transactions on #BNB too involving @coinspaid

Hacker has got another $1M worth of digital assets 924K BSC-USD and 268.5 $BNB.
All together total loss is $7.5M

Hacker’s address:… https://t.co/877vBm0Uah pic.twitter.com/xD6tg9QznK

— Cyvers Alerts (@CyversAlerts) January 6, 2024

Further analysis by Cyver revealed additional unauthorized transactions involving BNB (Binance Coin) worth over $1 million, bringing the total stolen amount close to $7.5 million. Cyver shared details about the transactions on social media, including the hacker’s address.

As of now, CoinsPaid has not released any official updates or announcements regarding the security breach.

CoinsPaid Faces Second Major Security Breach


The recent security incident follows a previous hack in July 2023, where hackers stole over $37.3 million. According to CoinsPaid, the recent breach involved an attacker tricking one of its employees through a fake job interview, leading to the download of malicious code that granted unauthorized access to CoinsPaid’s infrastructure.

In the July incident, the hackers used sophisticated social engineering techniques, posing as potential employers and targeting individual workers. The compromised employee downloaded malicious code, providing the hackers with access to CoinsPaid’s infrastructure. The attackers exploited a vulnerability in the platform’s cluster, opening a backdoor and gaining knowledge that allowed them to reproduce legitimate requests for interaction with the blockchain. This ultimately enabled the withdrawal of funds from CoinsPaid’s operational storage vault.

CoinsPaid suspected the involvement of the Lazarus Group, a group known for its sophisticated cyberattacks, in the July hack. The company partnered with blockchain security firm Match Systems to track the stolen funds, with a significant portion traced to SwftSwap. The tactics employed by the hackers in both the recent and July incidents mirrored those associated with the Lazarus Group, adding to the suspicion.

CoinsPaid filed a report with Estonian law enforcement three days after the hack to facilitate a thorough investigation. Blockchain security firms, including Chainalysis, Match Systems, and Crystal, assisted in CoinsPaid’s preliminary investigation over the initial days.

Lazarus Group’s Cryptocurrency Holdings Exceed $47 Million


CoinsPaid faces the formidable task of securing its platform and infrastructure following two significant security breaches within six months. The crypto industry, grappling with evolving threats, has seen persistent challenges in fortifying the security of payment gateways.

Notably, the notorious Lazarus Group, a North Korean hacking organization, has reportedly amassed holdings exceeding $47 million in cryptocurrency, primarily consisting of Bitcoin (BTC).

According to a report from institutional crypto platform provider 21.co in October 2023, wallets linked to the Lazarus Group were found to contain approximately 1,600 Bitcoin, 10,810 Ether (ETH), and 64,490 Binance Coin (BNB). The cumulative value of cryptocurrency in the hacker group’s wallets was estimated at a staggering $75 million at the time of the report.

The post CoinsPaid Faces Second Security Breach in Six Months, Unauthorized Transactions Totaling $7.5 Million Detected appeared first on Cryptonews.

Enter Your Information Below To Receive Latest News, And Articles.

    Stay updated with the latest news, exclusive offers, and special promotions. Sign up now and be the first to know! As a member, you'll receive curated content, insider tips, and invitations to exclusive events. Don't miss out on being part of something special.


    By opting in you agree to receive emails from us and our affiliates. Your information is secure and your privacy is protected.
    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Editor's Pick

    Source: Ark Invest / Instagram ARK Investment Management, led by prominent investor Cathie Wood, has reduced its holdings in the Grayscale Bitcoin Trust (GBTC)...

    Latest News

    A super PAC that has overseen much of Ron DeSantis’s presidential operation has fired its CEO less than two weeks after the previous chief...

    Latest News

    WINDHAM, N.H. — It’s pouring rain Saturday morning as New Hampshire Gov. Chris Sununu (R) arrives at Mary Ann’s diner in Windham, fielding calls...

    Stock

    Popeyes is expanding its menu beyond chicken sandwiches — and it’s a permanent change this time. The fast-food chain announced Wednesday it’s adding five...

    Disclaimer: Incomeinnovatorhub.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


    Copyright © 2024 incomeinnovatorhub.com