CoinsPaid, a crypto-payment service provider, faced a significant cyber attack resulting in the theft of $37.2 million worth of cryptocurrency. The company attributes the breach to the notorious North Korea-linked APT Lazarus, which has been behind other high-profile attacks on platforms like Axie Infinity and Atomic Wallet.
Although CoinsPaid reassured its clients that their funds were not impacted, the attack affected the platform’s availability and revenue. A dedicated incident response team is actively investigating the breach and strengthening the company’s security measures.
In the aftermath of the attack, CoinsPaid’s CEO, Max Krupyshev, emphasized their commitment to restoring services in a new secure environment, expecting a few more days to address minor details. Krupyshev also expressed confidence that the hackers would not evade justice.
The company received support from various blockchain security firms and crypto-exchanges, including Chainalysis, Binance, Crystal, Match Systems, Staked.us, OKCoinJapan, and Valkyrieinvest. Estonian law enforcement authorities were notified and have launched their investigation into the incident.
CoinsPaid plans to collaborate with other victims of Lazarus attacks in a round table discussion aimed at sharing information to prevent future cyber assaults.
The attack serves as a stark reminder of the ongoing threats faced by cryptocurrency platforms and the importance of robust security measures to safeguard both client funds and service availability.