CoinsPaid, a crypto payment gateway, encountered its second security breach in half a year, as revealed by Web3 security firm Cyvers.
The breach led to unauthorized transactions amounting to nearly $7.5 million on January 6. The irregular activities involved withdrawals in Tether (USDT), Ether (ETH), USD Coin (USDC), and CoinsPaid’s native CPD token.
The attacker converted around 97 million CPD tokens, valued at approximately $368,000, into ETH and transferred the funds to external accounts and platforms like MEXC, WhiteBit, and ChangeNOW. Cyvers’ investigation uncovered additional unauthorized transactions in BNB, raising the total stolen amount to almost $7.5 million.
Despite this breach, CoinsPaid, an Estonian crypto payment processor, has not issued a public statement regarding the incident. Previously, in July 2023, CoinsPaid faced another security breach resulting in the theft of over $37 billion. The company attributed this breach to the North Korean state-backed Lazarus Group, alleging that the group used deceptive means to infiltrate CoinsPaid’s systems.
The Lazarus Group has been linked to various crypto-related hacks in 2023, reportedly pocketing a minimum of $600 million in crypto, as reported by blockchain intelligence firm TRM Labs.
