Crypto Payments Platform CoinsPaid Exploited for $7.5M, Second Breach in Six Months

Crypto payment gateway CoinsPaid has experienced its second security breach in the past six months, with Web3 security firm Cyvers reporting unauthorized transactions totaling nearly $7.5 million. Cyvers detected multiple irregular transactions on January 6, leading to the withdrawal of $6.1 million worth of digital assets in Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid's native token CPD.

The attacker swapped around 97 million CPD tokens worth approximately $368,000 for ETH and moved the funds to externally owned accounts (EOAs) and crypto exchanges MEXC, WhiteBit, and ChangeNOW. Further analysis by Cyvers identified unauthorized transactions involving BNB worth more than $1 million, bringing the total amount stolen close to $7.5 million.

CoinsPaid, an Estonian payment processor for digital assets, has yet to publicly comment on the attack.

The company claims to have processed over 19 billion euros in crypto transactions. In July 2023, CoinsPaid suffered another security breach resulting in the theft of more than $37 billion. The company blamed the North Korean state-backed Lazarus Group for the incident, alleging that the group used a fake job interview to trick an employee into downloading a malicious code, providing the attackers with access to CoinsPaid's infrastructure.

The Lazarus Group is believed to be behind several crypto hacks in 2023. Blockchain intelligence firm TRM Labs reported that the group stole at least $600 million in crypto last year.

Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.