Crypto Payment Gateway CoinsPaid Hacked Yet Again

CoinsPaid, a payment processor offering solutions to bridge the gap between companies that generally operate within the traditional finance system and customers who wish to pay in crypto, has suffered its second major security breach within the past half year.

According to its website, over a million transactions with a total value of approximately 7 million EUR are carried out with their help every month. To date, CoinsPaid claims to have processed more than 19 billion euros worth of crypto transactions.

Lazarus Group Responsible for First Hack

On the 22nd of July, CoinsPaid suffered an attack that resulted in a loss of $37.3 million. At the time, the firm ceased operations for four days while investigating the breach with the help of Binance, Chainalysis, and others.

Following a post-mortem, the investigators concluded that the infamous North Korean Lazarus Group was responsible for the attack. By staging a job interview with one of CoinsPaid’s employees, Lazarus was able to trick the employee into downloading some malicious code that eventually allowed them to send authorized withdrawal requests to the firm’s hot wallets, although the wallets themselves were never breached.

Allegedly, this convoluted breach happened only after several months of attempts to bypass the platform’s security measures in a more traditional manner.

“Internal security measures triggered the alarm system and allowed us to swiftly stop the malicious activity and throw the hackers out of the company’s perimeter.”

Unfortunately, the platform has found itself under attack yet again, although it is unclear whether Lazarus is behind this one as well.

Cyvers Detects Unauthorized Access

Late last week, blockchain cybersecurity firm Cyvers sounded the alarm on a series of unauthorized transactions involving USDT, USDC, ETH, BNB, and the platform’s own token, CPD.

Altogether, $7.5 million was stolen from CoinsPaid and moved to an external wallet. The funds were then rerouted to crypto exchanges such as ChangeNOW, WhiteBit, MEXC, and others.

🚨UPDATE🚨After more investigation, our system has detected more unauthorized transactions on #BNB too involving @coinspaid

Hacker has got another $1M worth of digital assets 924K BSC-USD and 268.5 $BNB.
All together total loss is $7.5M

Hacker’s address:… https://t.co/877vBm0Uah pic.twitter.com/xD6tg9QznK

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 6, 2024

The attack pattern seems similar to the one used in July, raising the possibility that perhaps the bad actor’s access to the platform was not completely purged by the CoinsPaid team due to human oversight.

Although the scope of the attack is not nearly as large as the previous one, the amount stolen is nevertheless roughly equal to the numbers CoinsPaid claims to process monthly.

Until now, the platform has not released any official statement on the matter.