A recent intrusion at the well-known cryptocurrency payment processor CoinsPaid has underlined the continuing attraction of digital theft for certain cybercriminal organizations, and serves as a sharp reminder that classic exchange hacks have not disappeared. The breach occurred on July 22 and caused an estimated loss of $37.3 million in cryptocurrencies.
The attack was discovered by CoinsPaid, a Ukrainian business registered in Estonia, which then used its own funds to compensate customers, including the online casinos that commonly use the platform. According to CoinsPaid’s recently published analysis of the incident, the attack showed indicators consistent with the infamous North Korean Lazarus Group or its affiliates.
The scale of the operation made clear that the attackers had been actively targeting CoinsPaid for months. They had used a variety of techniques, including phishing, social engineering, and distributed denial-of-service (DDoS) attacks. The campaign culminated in a breach of CoinsPaid’s blockchain node, from which the attackers initiated sizable withdrawals of bitcoin, several ERC20 tokens on the Ethereum blockchain, Tron-based USDT, and other tokens.
Although the company’s servers were breached, the attackers were unable to obtain the private keys for the company’s wallets, according to Max Krupyshev, CEO of CoinsPaid. Krupyshev said the continued safety of the core assets was confirmed by the fact that the attackers could not access new wallets created with the same keys.
Despite failing to obtain the private keys, the attackers were still able to launder a significant portion of the funds they had gained access to. A large share of the stolen funds, mostly USDT on the Tron blockchain, was sent through cross-chain bridges and then to decentralized exchanges such as SwftSwap, Uniswap, and SunSwap. The laundering also passed through centralized exchanges including Binance, Huobi, Kucoin, Bybit, Bitget, and MEXC.
According to blockchain intelligence company Elliptic, the stolen bitcoin was laundered through the Sindbad mixer, a favorite tool of North Korean hackers. CoinsPaid quickly alerted centralized exchanges to the suspicious transactions, but the process of flagging the addresses involved and pursuing legal action against the attackers proved too slow to keep pace with the speed of their withdrawals.
The incident highlights the persistent appeal of classic exchange hacks and the inventiveness of cybercriminal organizations, even as DeFi-related crimes grow more frequent. As the crypto industry continues to mature, maintaining strong cybersecurity measures remains a primary responsibility for organizations across the sector.