CoinsPaid Falls Victim to Cyberattack
CoinsPaid, an Estonian cryptocurrency payments service provider, faced a severe security breach on Saturday, Jan. 6. The attack resulted in the theft of approximately $7.5 million in cryptocurrencies, affecting both the Binance (BNB) and Ethereum (ETH) chains. This event marks another significant setback for the company, following a previous hack in July 2023, where $37.3 million was stolen.
Recurring Breaches and Growing Concerns
The repeat nature of these incidents raises alarming concerns about the safety of digital assets held by crypto exchanges. The Cyvers platform, a real-time security monitoring service, was the first to report the breach. Despite previous warnings and the substantial loss suffered in the past, CoinsPaid’s security measures seem to have been inadequate to prevent another large-scale theft.
Suspected Involvement of the Lazarus Group
The identity of the attackers remains unconfirmed, but suspicions are pointing towards the North Korean Lazarus group, known for their sophisticated cyber attacks. CyVers CEO Deddy Lavid commented on the specifics of the breach, noting the inadequacy in wallet access control and the previous alerts about potential vulnerabilities.
The Lazarus Group’s History with CoinsPaid
The Lazarus group’s involvement with CoinsPaid isn’t new. They have been linked to multiple attacks against the company, with a distinct pattern of socially engineering their way into the company’s systems. These tactics included high-paying job offers to employees, leading to compromised internal computers and significant financial losses.
The Wider Impact of the Hack
This incident extends beyond CoinsPaid, affecting other entities like Alphapo, and raises broader questions about the security protocols in place at crypto exchanges. It highlights the urgent need for robust cybersecurity measures in the rapidly growing and increasingly targeted cryptocurrency sector.
CoinsPaid’s efforts to manage the aftermath and prevent future incidents will be closely watched by investors, regulators, and other players in the crypto world. The increasing sophistication of hacker groups like Lazarus presents a continual challenge to the security and integrity of digital financial systems.