Cryptocurrency payment gateway CoinsPaid, an Estonian digital asset processor, is reeling from its second security breach in just six months. Discovered by Web3 security firm Cyvers on January 6, the breach resulted in unauthorized transactions exceeding $7.5 million.
The malevolent actor exploited the vulnerability to withdraw various digital assets, including Tether, Ether, USD Coin, and CoinsPaid’s native token CPD. Notably, around 97 million CPD tokens were swapped for approximately $368,000 worth of Ether before being transferred to external accounts and crypto exchanges like MEXC, WhiteBit, and ChangeNOW. CoinsPaid, having processed over 19 billion euros in crypto transactions, has yet to issue an official statement regarding the recent attack.
This incident follows a previous breach in July 2023, where hackers orchestrated a $37 million theft by leveraging a fake job interview to deceive an employee. CoinsPaid attributed the earlier breach to the North Korean state-backed Lazarus Group, known for its adept use of highly sophisticated social engineering techniques.
Despite being a repeated target, CoinsPaid remains a significant player in the digital asset payment sector, underscoring the persistent challenges and evolving threat landscape faced by cryptocurrency platforms.
This breach highlights the ongoing vulnerability of financial systems to cyber threats, emphasizing the need for continuous vigilance and robust security measures within the rapidly expanding crypto industry. The recurrence of such incidents underscores the importance of proactive cybersecurity strategies to safeguard the integrity of digital assets and maintain user trust in cryptocurrency platforms.
Reference:
