Coinspaid May Be Hacked Again, Losing Over $6 Million

As reported by ZachXBT, Coinspaid has witnessed suspicious outflows amounting to over $6 million, and some of its customers are encountering delays in withdrawals.

Streams of coins flowing out of a wallet
CoinsPaid has already experienced a significant loss exceeding $37 million on June 22, 2023.

Today, prominent on-chain analyst ZachXBT, through his Telegram channel "Investigations by ZachXBT," has shared information with the crypto community regarding a potential security incident impacting the payment service provider Coinspaid. The financial ecosystem, which suffered a significant attack on June 22, 2023, leading to a loss of approximately $37.3 million, is now facing the possibility of another hacking incident.

Read also: Private Key Compromises and Exit Scams Are Current Major Web3 Threats

"It looks like Coinspaid had another security incident. Hot wallets linked to them saw $6.1M in suspicious outflows about 17 hours ago," ZachXBT warned the subscribers of his Telegram channel.

According to the Discord announcement from HyperDrop, shared with Telegram users by ZachXBT, there is a temporary halt in withdrawals processed through Coinspaid.

Coinspaid Incident - Jan 2024
Source: ZachXBT, Telegram

"Our cryptocurrency payment provider is experiencing a delay in processing withdrawal requests," Discord user Leo, possibly a representative of HyperDrop, posted today, adding that "Pending transactions cannot be canceled, but we anticipate the issue to be promptly addressed, and transactions should proceed accordingly." Leo further mentioned that no specific details or timeframe for resolving the matter have been provided.

In the meantime, ZachXBT has detected the movement of stolen funds. The blockchain detective claims that some of these funds have already undergone laundering through various cryptocurrency exchanges, including HitBTC, N Exchange and ChangeNow.

Meanwhile, WhiteBIT, one of the largest European cryptocurrency exchange platforms, also mentioned by ZachXBT, swiftly took necessary measures to prevent the movement of the stolen funds.

"We are aware of attempts to deposit funds stolen in the Coinspaid incident to WhiteBIT," WhiteBIT announced on X soon after the event. The team behind the project emphasized that "Security and compliance with AML standards are among WhiteBIT's main priorities."

"We have frozen the funds in question and are conducting the relevant procedures," WhiteBIT reaffirmed its commitment to maintaining a secure trading environment.

Read also: Turbulent Start of 2024: Gamma Strategies, Radiant Capital Hacks and Solana Drainers

If ZachXBT is right about the incident and the payment service provider has indeed experienced another attack, it implies that the Coinspaid ecosystem still has certain vulnerabilities despite the recent security breach.

During the previous exploit, the theft was attributed to the Lazarus Group, a notorious hacking organization allegedly supported by the North Korean government. The hackers reportedly utilized sophisticated social engineering tactics, including fake LinkedIn recruiting and offering high salaries to Coinspaid employees.

They also employed the JumpCloud platform as a conduit for their attack, spending six months studying the Coinspaid ecosystem. Ultimately, the malicious actors used social engineering to infiltrate the system by installing malicious software through a company employee, which allowed them to perform a swift attack.