The crypto-payment provider, CoinsPaid, fell victim to a cyberattack, resulting in a $7.5 million cryptocurrency theft from Binance and Ethereum chains, according to Cyvers.
This marks the second breach for CoinsPaid, following a $37.3 million hack in July 2023. The perpetrator remains unknown, but suspicions point to the Lazarus group, previously linked to the company’s security woes.
CyVers CEO, Deddy Lavid, highlighted inadequate wallet access control as the root cause. The hacker converted stolen assets to ETH and spread them across various accounts on ETH and BNB chains.
Some funds were deposited into exchanges like WhiteBit and MEXC. CoinsPaid had previously been alerted to vulnerabilities by Cyvers in July 2023. Investigations revealed the Lazarus group’s involvement, employing social engineering tactics.
The group, notorious for stealing $3 billion in crypto over six years, targeted CoinsPaid employees with fake job offers, compromising internal systems.