/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/post_attachments/wp-content/uploads/2024/01/Security-Breach-at-CoinsPaid-7-5M-in-Cryptocurrency-Stolen.jpg)
Crypto Payment Comapny CoinsPaid Faces Second Major Hack: $7.5 million in Cryptocurrency Lost
In yet another blow to the cryptocurrency industry, CoinsPaid, a digital assets payment company, fell victim to a security breach resulting in the loss of approximately $7.5 million worth of cryptocurrencies on January 5. This marks the second significant hack for CoinsPaid in the span of just six months, raising concerns about the platform's security measures.
Blockchain Security Firm Cyvers Points to Wallet Access Control Weakness
Blockchain security firm Cyvers, investigating the incident, attributed the security breach to the platform's inadequate wallet access control measures. This loophole allowed hackers to exploit vulnerabilities within CoinsPaid's security infrastructure, leading to the unauthorized access and subsequent theft of digital assets.
Details of the Security Breach
The attackers managed to abscond with a variety of cryptocurrencies, including 4.5 million USDT, 500 ETH, 106,000 USDC, 924,000 BSC-USD, 268.5 BNB, and a staggering 97 million CPD tokens. The diversity of the stolen assets suggests a strategic and coordinated effort by the perpetrators to maximize their gains.
To obfuscate the trail, the hackers converted the stolen assets into Ethereum (ETH) and transferred them to externally owned accounts on both the Ethereum and Binance Smart Chain (BNB) networks. Furthermore, the ill-gotten funds were funneled into several centralized exchanges, including MEXC, ChangeNow, and WhiteBit, making tracking and recovery efforts more challenging for authorities and affected platforms.
CoinsPaid's Troubled History: A Repeat Offender
Regrettably, this incident is not CoinsPaid's inaugural encounter with security breaches. The platform previously faced an attack in July 2023, orchestrated by the notorious Lazarus Group, a North Korea-backed hacking entity. During that episode, CoinsPaid experienced losses amounting to approximately $37.3 million and promptly reported the incident to law enforcement agencies.
The Lazarus Group, infamous for targeting various cryptocurrency platforms, including Ronin Bridge, Harmony Bridge, and Atomic Wallet, has left a trail of extensive financial losses in its wake. The cumulative impact of these attacks has resulted in the loss of hundreds of millions in cryptocurrencies, underscoring the persistent threat posed by sophisticated hacking entities within the crypto space.
Crypto Exploits Cast a Shadow on the New Year
The onset of the new year witnessed a troubling surge in security challenges within the cryptocurrency industry. CoinsPaid joins the ranks of prominent projects facing the grim reality of cyber threats and vulnerabilities.
Leading the unfortunate series of events, Orbit Chain, a decentralized cross-chain protocol, suffered a colossal loss exceeding $81 million. This breach stemmed from hackers gaining access to seven of its ten multisig signers, highlighting the potential risks associated with multisig security models.
Following closely in the wake of the CoinsPaid breach, Radiant Capital reported a loss of $4.5 million due to a smart contract breach on January 3. These incidents collectively underscore the increasing sophistication of cybercriminals targeting the cryptocurrency sector, posing a grave challenge for both industry participants and security experts.
Conclusion: Navigating the Cryptocurrency Security Landscape
As the cryptocurrency industry grapples with the fallout of the CoinsPaid security breach, stakeholders are reminded of the imperative need for robust cybersecurity measures. The recurrence of incidents involving significant financial losses raises questions about the industry's overall preparedness to combat evolving cyber threats.
Cryptocurrency platforms, developers, and users must prioritize security and remain vigilant against potential exploits. The CoinsPaid hack serves as a stark reminder that the crypto space, while offering innovative solutions and financial opportunities, is not immune to the persistent and evolving threats posed by determined cyber adversaries. In navigating this complex landscape, a proactive approach to security, continuous risk assessment, and collaboration within the industry are crucial for safeguarding the future of digital assets.