Estonian cryptocurrency payment gateway CoinsPaid was hacked for the second time in just 6 months, losing close to $7.5 million in unauthorized transactions. The breach was detected on January 6th by web3 security firm Cyvers, who spotted irregular activity involving popular stablecoins USDT and USDC, as well as 97 million tokens of CoinsPaid’s native CPD token worth $368,000.
Keypoints
- Crypto payment gateway CoinsPaid suffered its second hack in 6 months, losing close to $7.5 million this time
- Web3 security firm Cyvers detected unauthorized transactions on Jan 6th involving USDT, ETH, USDC, BNB and CoinsPaid’s native token CPD
- In July 2023, CoinsPaid lost $37 million in a hack attributed to the North Korean Lazarus Group, who used social engineering on an employee
- CPD token dropped 40% after the latest hack to $0.0006 per token
- CoinsPaid has yet to issue an official statement on the recent breach, leaving users awaiting news
The funds were swiftly transferred out of CoinsPaid by the attacker and through several cryptocurrency exchanges including MEXC, WhiteBit and ChangeNOW. Further analysis by Cyvers revealed an additional $1 million in BNB was stolen, bringing the total losses to around $7.5 million.
CoinsPaid’s native token CPD plunged 40% following news of the hack to $0.0006 per token, as traders reacted to the company’s weakened security position.
This latest incident comes just 6 months after CoinsPaid lost $37 million in a July 2023 hack. In that exploit, North Korean state-sponsored hacking group Lazarus managed to gain access by socially engineering a CoinsPaid employee. Lazarus tricked the employee into downloading malicious code through a fake job interview process.
????ALERT????Our AI powered system has detected multiple unauthorized transactions with @coinspaid
Hacker was able to gain more than $6.1M worth of digital assets involving 4.8M $USDT, 500 $ETH 97M $CPD and 106K $USDC.
All $CPD has been swapped for $ETH and rest of the digital… pic.twitter.com/pIDS1pkh5m
— ???? Cyvers Alerts ???? (@CyversAlerts) January 6, 2024
While Cyvers did not attribute the latest breach to Lazarus, the attack methodology bears similarities. CoinsPaid is yet to issue an official statement on the recent breach, leaving users speculating on the future of the company.
With two hacks totaling over $44 million in losses in just half a year, CoinsPaid faces an uphill battle in regaining the trust of clients. The repeated exploits also further highlight the security risks involved with centralized crypto platforms and hot wallets.
CoinsPaid facilitates over $7 million in transactions per month and has processed more than $19 billion worth of crypto payments since its inception. The back-to-back multimillion dollar thefts represent a serious blow for one of the largest crypto payment gateways globally.
While hacks are commonplace in the crypto world, successful repeat attacks are rare. The lack of transparency and communication from CoinsPaid has left many customers frustrated as they await further details.
Rival payment platforms will seek to capitalize on the uncertainty by ramping up marketing efforts targeting CoinsPaid’s large user base. With trust in its security shattered, the coming days and weeks will prove crucial in determining whether CoinsPaid can survive the double-hack calamity.
Source: https://blockonomi.com/crypto-payment-processor-coinspaid-suffers-second-multimillion-dollar-hack-in-6-months/