• CoinsPaid experienced a cyberattack resulting in a $7.5 million loss, with various cryptocurrencies stolen due to inadequate wallet access controls.
• The Lazarus Group is suspected of the attack, consistent with their history of targeting crypto platforms and causing significant financial damage.
• This incident represents the second significant breach for CoinsPaid in six months, with both attributed to the notorious Lazarus Group. 

Estonian crypto-payment gateway CoinsPaid reported a cyberattack on January 5, 2024, leading to a significant loss of approximately $7.5 million worth of various cryptocurrencies. The compromised assets include 4.8 million USDT, 500 ETH, 106,000 USDC, 924,000 BSC-USD, 268.5 BNB, and 97 million CPD tokens. Cyvers, a blockchain security firm, highlighted the platform’s inadequate wallet access control measures as the primary vulnerability exploited by the attackers.

In a maneuver to obscure the stolen funds, the criminals converted the cryptocurrencies into Ethereum (ETH) and distributed them across external accounts on both the Ethereum and Binance (BNB) chains. They also moved part of the stolen assets into several centralized exchanges, including MEXC, ChangeNow, and WhiteBit. Cyvers indicated the possibility of the infamous Lazarus Group‘s involvement.

Notably, this isn’t the first security incident for CoinsPaid. The same group targeted the platform in July 2023, resulting in a loss of $37.3 million. The Lazarus Group’s notorious reputation is built on its extensive portfolio of crypto heists, including high-profile breaches like Ronin Bridge, Harmony Bridge, and Atomic Wallet, cumulating losses in the hundreds of millions.

Deddy Lavid, CEO of CyVers, addressed the intricacies of the breach at CoinsPaid via a statement to a media publisher. He pinpointed “inadequate wallet access control” as the root cause of the incident. He underscored that the exchange had been previously “alerted to potential vulnerabilities” by CyVers, specifically pointing to the North Korean Lazarus group’s involvement in similar past attacks.

The broader crypto community also observed several other security incidents at the start of 2024. Orbit Chain, a decentralized protocol, suffered a loss of over $81 million due to unauthorized access to its multisig signers. Radiant Capital and Gamma, too, fell victim to separate attacks, leading to significant financial damages. These attacks highlight the persistent and evolving threats in the cryptocurrency sector.