Another Crypto Hack: CoinsPaid Accuses Lazarus Behind Recent $37.3 Million Crypto Theft
CoinsPaid, an Estonian crypto-payments service provider, recently fell victim to a cyber attack on July 22, 2023, resulting in the theft of $37.3 million worth of cryptocurrency.
The attack caused significant economic damage and disrupted the availability of the payment platform. However, CoinsPaid has assured its clients that their funds remain safe and fully accessible, minimizing the incident’s impact on the company’s overall business.
Attributing the attack to the notorious North Korean hacking group Lazarus, CoinsPaid stated that the sophisticated state-backed actor had aimed for a more substantial cash-out.
“We believe Lazarus expected the attack on CoinsPaid to be much more successful,” stated CoinsPaid in their press release.
Despite the accusations, CoinsPaid did not disclose the specifics of how they linked the attack to Lazarus, and independent verification of these claims remains pending. However, the crypto firm branded Lazarus as “one of the most powerful hacker organisations” with a victim list spanning Sony, Axie Infinity, Horizon Bridge, Atomic Wallet, and Alphapo.
In response to the breach, the company’s dedicated team of experts worked diligently to bolster their security systems and minimize the fallout, leaving Lazarus with a considerably reduced reward.
On Thursday, the company said it “is back to processing” and that “client’s funds were not affected and are fully available.”
“As a result of a hybrid attack on our company, which involved elements of social engineering, aggressive bribery attempts of critical personnel, and attacks on numerous internet-accessible applications, the attackers managed to identify a vulnerable application that was not directly involved in service provision. By exploiting this vulnerability, some components of our infrastructure in the transactions chain were compromised, and attempts were made to alter data in transactions,” the firm said in explaining the hack.
Following the attack attempt, CoinsPaid said its team implemented a series of robust security measures to ensure the protection of their clients’ funds, including safeguarding unaffected operational funds by transferring them to cold wallets and changing all secret keys and wallet addresses to enhance security.
“We want to assure our clients that while the vulnerability has been successfully fixed, and security has been restored, specific technical details will not be publicly disclosed due to security reasons,” CoinsPaid added.
CEO Max Krupyshev informed the public that prominent entities in the crypto industry, including Chainalysis, Binance, Crystal, Match Systems, Staked.us, OKCoinJapan, and Valkyrieinvest, are actively participating in the investigation. Additionally, Estonian law enforcement authorities have been notified and are collaborating in the tracking efforts.
“We have no doubt the hackers won’t escape justice,” Krupyshev emphasized.
Coincidentally, just the day before, Lazarus was also implicated in a $60 million cryptocurrency heist targeting the payment processing platform Alphapo, which is still recovering from the attack.
Though concrete evidence of Lazarus’ involvement in that particular incident remains undisclosed, distinct hallmarks commonly associated with the group were present.
Given the similarity in the business type of both targeted companies, Alphapo and CoinsPaid, it appears that the Lazarus Group may have directed their focus toward cryptocurrency payment processors in this recent wave of attacks.
Prior to these incidents, the threat actor had successfully stolen $35 million from Atomic Wallet, $100 million from Harmony Horizon, and an astounding $617 million from the Axie Infinity blockchain-based game.
Information for this story was found via Bleeping Computer and the sources and companies mentioned.