This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
CoinsPaid Suffers $7.5M Crypto Theft in Second Cyber Attack
The Crypto Times
The crypto-payment provider, CoinsPaid, fell victim to a cyberattack, resulting in a $7.5 million cryptocurrency theft from Binance and Ethereum chains, according to Cyvers.
This marks the second breach for CoinsPaid, following a $37.3 million hack in July 2023. The perpetrator remains unknown, but suspicions point to the Lazarus group, previously linked to the company’s security woes.
CyVers CEO, Deddy Lavid, highlighted inadequate wallet access control as the root cause. The hacker converted stolen assets to ETH and spread them across various accounts on ETH and BNB chains.
Some funds were deposited into exchanges like WhiteBit and MEXC. CoinsPaid had previously been alerted to vulnerabilities by Cyvers in July 2023. Investigations revealed the Lazarus group’s involvement, employing social engineering tactics.
The group, notorious for stealing $3 billion in crypto over six years, targeted CoinsPaid employees with fake job offers, compromising internal systems.