- Cybercriminals tricked a CoinsPaid employee through a fake job interview
- The perps withdrew digital assets worth $6.1+ million in USDT, ETH, USDC
- A second analysis revealed illicit transactions with BNB for $1+ million
Crypto payment gateway CoinsPaid lost almost $7.5 million after a series of unauthorized transactions. This is its second security breach in the past six months, Web3 security firm Cyvers reported, as cited by Cointelegraph.
The firm’s AI system detected a series of irregular transactions, which enabled the perpetrator to withdraw digital assets worth $6.1 million in USDT, ETH, USDC, and CPD, CoinsPaid’s native token.
Attack postmortem
Cyvers posted on X that the cybercriminal exchanged just under 100 million CPD tokens for ether worth around $368,000. Then he moved the assets to the crypto exchanges WhiteBit, MEXC, and ChangeNOW, as well as to externally owned accounts.
A second analysis revealed illicit transactions involving Binance Coin (BNB) worth over $1 million, bringing the total losses to around $7.5 million.
CoinsPaid lost more money than it processed
CoinsPaid, an Estonian payment processor for digital assets, lost over $37 billion in a security breach in the summer of last year. Cybercriminals tricked a CoinsPaid employee through a fake job interview. Apparently, the employee downloaded malware while responding to the job offer and let malicious entities steal data in the process. He also gave them access to the company’s infrastructure.
Interestingly, the payment processor has now lost more than twice as much money as it has processed. The latter amount stands at EUR 19 billion.
Lazarus perpetrated the attack
According to CoinsPaid’s postmortem report, the North Korean state-backed Lazarus Group was behind the breach. The company pointed out that the group had tried to infiltrate its system a number of times since March 2023. However, it failed repeatedly and adopted new and more sophisticated approaches to target staff members, including social engineering techniques.
It is assumed Lazarus Group was behind the Ronin bridge exploit, in which $625 million was stolen from Axie Infinity. The monumental hack took place in March 2022.