Today, the prominent on-chain analyst ZachXBT, through his Telegram channel “Investigations by ZachXBT,” has shared information with the crypto community regarding a potential security incident impacting the payment service provider CoinsPaid. The financial ecosystem, which suffered a significant attack on June 22, 2023, leading to a loss of approximately $37.3 million, is now facing the possibility of another hacking incident.
“It looks like Coinspaid had another security incident. Hot wallets linked to them saw $6.1M in suspicious outflows about 17 hours ago,” ZachXBT warned the subscribers of his Telegram channel.
According to the Discord announcement from HyperDrop, shared with Telegram users by ZachXBT, there is a temporary halt in withdrawals processed through CoinsPaid.
“Our cryptocurrency payment provider is experiencing a delay in processing withdrawal requests,” Discord user Leo, possibly a representative of HyperDrop, posted today, adding that “Pending transactions cannot be canceled, but we anticipate the issue to be promptly addressed, and transactions should proceed accordingly.” Leo further mentioned that no specific details or timeframe for resolving the matter have been provided.
In the meantime, ZachXBT has detected the movement of stolen funds. The blockchain detective claims that some of these funds have already undergone laundering through various cryptocurrency exchanges, including HitBTC, N Exchange, ChangeNow, and Whitebit.
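The kind of monitoring behind a warning like the one above, as an added example that is not part of the article and not code from CoinsPaid or ZachXBT: a sliding-window outflow monitor that alerts when a hot wallet's outbound volume exceeds a threshold, records the counterparties seen in the breaching window, and flags any later hop from those counterparties into labelled exchange deposit addresses. All addresses, amounts, timestamps and the exchange label are constructed placeholders; a real deployment would feed it normalized transfers from a node or indexer.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: a normalized transfer feed (addresses and
# amounts are placeholders, not real on-chain values).
T0 = datetime(2024, 1, 6, 0, 0)
HOT_WALLETS = {"hot-A", "hot-B"}
# Deposit addresses a team has labelled as belonging to exchanges (placeholder label).
EXCHANGE_DEPOSITS = {"exch-dep-1": "Exchange-X (placeholder)"}
SAMPLE_TRANSFERS = [
    {"ts": T0 + timedelta(minutes=0),   "from": "hot-A", "to": "cust-1", "amount_usd": 12_000},
    {"ts": T0 + timedelta(minutes=10),  "from": "hot-A", "to": "cust-2", "amount_usd": 8_000},
    {"ts": T0 + timedelta(minutes=20),  "from": "hot-A", "to": "unk-1",  "amount_usd": 2_000_000},
    {"ts": T0 + timedelta(minutes=30),  "from": "hot-A", "to": "unk-1",  "amount_usd": 1_500_000},
    {"ts": T0 + timedelta(minutes=40),  "from": "hot-B", "to": "cust-3", "amount_usd": 5_000},
    {"ts": T0 + timedelta(minutes=90),  "from": "unk-1", "to": "exch-dep-1", "amount_usd": 3_000_000},
    {"ts": T0 + timedelta(minutes=120), "from": "hot-A", "to": "unk-2",  "amount_usd": 900_000},
]


def monitor_outflows(transfers, hot_wallets, exchange_deposits, window, threshold):
    """Return (alerts, exchange_hops).

    alerts: (wallet, time, window_total) emitted once per breach episode, i.e.
            when a hot wallet's outflow over `window` first exceeds `threshold`.
    exchange_hops: (source, exchange_label, amount, time) for transfers from an
            address that received funds during a breaching window into a
            labelled exchange deposit address. These are triage leads, not verdicts.
    """
    events = sorted(transfers, key=lambda t: t["ts"])
    recent = defaultdict(deque)      # per-wallet transfers inside the window
    totals = defaultdict(int)        # per-wallet running sum (ints keep it exact)
    breached = set()                 # wallets currently above threshold
    tainted = set()                  # counterparties seen in a breaching window
    alerts, exchange_hops = [], []

    for tx in events:
        src, dst = tx["from"], tx["to"]

        # Downstream hop: a suspect counterparty sending to a known exchange deposit.
        if src in tainted and dst in exchange_deposits:
            exchange_hops.append((src, exchange_deposits[dst], tx["amount_usd"], tx["ts"]))

        if src not in hot_wallets:
            continue

        # Slide the window: add this transfer, drop anything older than `window`.
        q = recent[src]
        q.append(tx)
        totals[src] += tx["amount_usd"]
        cutoff = tx["ts"] - window
        while q and q[0]["ts"] < cutoff:
            totals[src] -= q.popleft()["amount_usd"]

        if totals[src] > threshold:
            if src not in breached:          # alert once per episode, not per transfer
                breached.add(src)
                alerts.append((src, tx["ts"], totals[src]))
            tainted.update(t["to"] for t in q)
        else:
            breached.discard(src)            # volume fell back; a new breach alerts again

    return alerts, exchange_hops


def run_demo():
    # Assumed policy: more than $1M leaving one hot wallet within 60 minutes is anomalous.
    return monitor_outflows(SAMPLE_TRANSFERS, HOT_WALLETS, EXCHANGE_DEPOSITS,
                            window=timedelta(minutes=60), threshold=1_000_000)


if __name__ == "__main__":
    alerts, hops = run_demo()
    for wallet, ts, total in alerts:
        print(f"ALERT {wallet}: ${total:,} out in the last hour as of {ts:%H:%M}")
    for src, label, amount, ts in hops:
        print(f"HOP   {src} -> {label}: ${amount:,} at {ts:%H:%M}")
```

Two design points matter in practice. The threshold is per episode, so a sustained drain produces one page rather than one per transaction, and the alert clears only once volume drops back under the limit. The tainted set deliberately includes ordinary customers who happened to be paid in the same window (here `cust-1` and `cust-2`), so the exchange-hop list is a starting point for manual review and exchange contact, not an automatic blocklist.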
If ZachXBT is right about the incident and the payment service provider has indeed experienced another attack, it implies that the CoinsPaid ecosystem still has exploitable weaknesses, even after the lessons of the earlier breach.
During the previous exploit, the theft was attributed to the Lazarus Group, a notorious hacking organization allegedly supported by the North Korean government. The hackers reportedly utilized sophisticated social engineering tactics, including fake LinkedIn recruiting and offering high salaries to CoinsPaid employees.
They also employed the JumpCloud platform as a conduit for their attack, spending six months studying the CoinsPaid ecosystem. Ultimately, the malicious actors used social engineering to infiltrate the system, getting a company employee to install malicious software, which allowed them to carry out the attack quickly.