CoinsPaid hacked, over $7m stolen

CoinsPaid, an Estonian crypto-payment service, experienced a significant cyberattack on January 5, resulting in the theft of roughly $7.5 million in digital assets from the Binance and Ethereum chains. The Cyvers security platform alerted the public to this latest breach.

The hackers executed asset swaps and distributions across various external accounts on both chains, with some funds deposited into exchanges like WhiteBit, MEXC, and ChangeNow. The attack's root cause was identified as inadequate wallet access control, a vulnerability initially pointed out by Cyvers in July 2023.

This lapse in security was linked to the North Korean Lazarus group, which has a history of targeting CoinsPaid through sophisticated social engineering, including deceptive job offers to employees.

This is a second major breach of CoinsPaid, following a previous incident in July 2023 that led to a $37.3 million loss. The Lazarus group's involvement in similar hacks and their methods of operation have led to substantial losses in the cryptocurrency sector over the years.