CoinsPaid, a prominent cryptocurrency payments platform, has fallen victim to a staggering cyberattack, leading to the theft of a jaw-dropping $37.3 million. Suspicions point firmly at the North Korean state-backed Lazarus Group, a notorious hacking organization renowned for its audacious exploits.
The hackers infiltrated CoinsPaid’s internal systems on July 22, causing the platform to grind to a halt for four long days. Although the company managed to resume operations in a new, limited environment, the hack left considerable damage to their balance sheet and platform. Thankfully, customer funds remain secure, but the breach has left CoinsPaid reeling from the audacious attack.
Curiously, CoinsPaid reveals that the cybercriminals’ ambitions far surpassed their actual haul. It appears Lazarus Group was aiming for an even greater windfall, but the company’s diligent efforts to fortify their systems thwarted the hackers, leaving them with a “record-low reward.”
To bring the perpetrators to justice, CoinsPaid swiftly filed a report with Estonian law enforcement, enlisting the aid of blockchain security firms Chainalysis, Match Systems, and Crystal for an intense preliminary investigation. CoinsPaid’s CEO, Max Krupyshev, exudes confidence that Lazarus Group will not escape the long arm of the law.
Remarkably, SlowMist, a blockchain security firm, draws a chilling connection between the CoinsPaid hack and two other recent breaches in Atomic Wallet and Alphapo, tallying a colossal $100 million and $60 million in losses, respectively. Online coding platform GitHub corroborates this claim, asserting with “high confidence” that Lazarus Group has embarked on a social engineering scheme, cunningly targeting cryptocurrency and cybersecurity professionals.
