ZachXBT, a prominent blockchain analyst, today used his Telegram channel, “Investigations by ZachXBT,” to share with the community information about a possible security breach at the payment service provider Coinspaid. The company, which suffered an attack in 2023 that cost it around $37.3 million, now appears to be the target of yet another cyber-attack.
It appears that Coinspaid has had another security breach. ZachXBT, warning his Telegram subscribers about the incident, said that hot wallets associated with Coinspaid had seen about $6.1M of suspicious withdrawals roughly 17 hours earlier.
ZachXBT also relayed to his Telegram followers a Discord announcement from HyperDrop, which indicates that withdrawals through Coinspaid are temporarily halted.
Leo posted on Discord today that HyperDrop’s payment processor is having a problem processing withdrawals. He added, “Pending transactions cannot be cancelled, but we expect this issue to be quickly addressed and transactions will proceed accordingly.” Leo also mentioned that there were no details about the issue or a time frame for its resolution.
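The sequence described above, suspicious outflows running from hot wallets for hours before withdrawals were finally paused, is exactly what a rolling-window outflow limit is meant to cut short. The following is an added example, not code from Coinspaid, HyperDrop or ZachXBT: every withdrawal request is checked against a per-wallet and a global outflow budget over a sliding window, and the first request that would exceed either budget trips a sticky breaker that rejects everything until an operator resets it. The limits, wallet names, addresses and the transaction stream are constructed assumptions chosen for the demonstration.

```python
"""Hot-wallet outflow circuit breaker (illustrative; not Coinspaid's code).

Assumptions: limits, window length, wallet names and the SAMPLE stream are
invented for this demo. The stream is time-ordered, amounts are in USD.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Optional, Tuple


@dataclass
class Withdrawal:
    ts: int            # unix seconds
    wallet: str        # hot-wallet identifier
    amount_usd: float  # value at request time
    dest: str          # destination address


@dataclass
class OutflowBreaker:
    window_s: int = 3600                       # rolling window length
    per_wallet_limit_usd: float = 250_000.0    # budget per hot wallet
    global_limit_usd: float = 1_000_000.0      # budget across all hot wallets
    halted: bool = False
    tripped_by: Optional[Withdrawal] = None
    # Approved withdrawals still inside the window: (ts, wallet, amount).
    _approved: Deque[Tuple[int, str, float]] = field(default_factory=deque)

    def _prune(self, now: int) -> None:
        # Drop approvals that have aged out of the window.
        while self._approved and self._approved[0][0] <= now - self.window_s:
            self._approved.popleft()

    def outflow(self, wallet: Optional[str] = None) -> float:
        """Approved outflow in the current window, globally or for one wallet."""
        return sum(a for _, w, a in self._approved if wallet is None or w == wallet)

    def submit(self, wd: Withdrawal) -> str:
        """Return 'approved' or 'halted' for a withdrawal request."""
        if self.halted:
            return "halted"
        self._prune(wd.ts)
        over_wallet = self.outflow(wd.wallet) + wd.amount_usd > self.per_wallet_limit_usd
        over_global = self.outflow() + wd.amount_usd > self.global_limit_usd
        if over_wallet or over_global:
            # Sticky: one breach pauses all hot-wallet withdrawals until reset().
            self.halted = True
            self.tripped_by = wd
            return "halted"
        self._approved.append((wd.ts, wd.wallet, wd.amount_usd))
        return "approved"

    def reset(self) -> None:
        # Operator action after investigation; window history is kept.
        self.halted = False
        self.tripped_by = None


def replay(stream: List[Withdrawal], breaker: OutflowBreaker) -> List[str]:
    """Feed a time-ordered stream through the breaker, returning each verdict."""
    return [breaker.submit(wd) for wd in stream]


# Constructed sample: ordinary traffic, then a burst draining one wallet.
T0 = 1_700_000_000
SAMPLE = [
    Withdrawal(T0 + 0,    "hot-1", 20_000,  "0xaaa"),
    Withdrawal(T0 + 600,  "hot-2", 50_000,  "0xbbb"),
    Withdrawal(T0 + 1200, "hot-1", 30_000,  "0xccc"),
    Withdrawal(T0 + 1800, "hot-1", 180_000, "0xddd"),  # hot-1 at 230k, under limit
    Withdrawal(T0 + 1860, "hot-1", 90_000,  "0xddd"),  # would reach 320k, trips breaker
    Withdrawal(T0 + 1900, "hot-2", 10_000,  "0xeee"),  # legitimate, but now blocked
]

if __name__ == "__main__":
    breaker = OutflowBreaker()
    for wd, verdict in zip(SAMPLE, replay(SAMPLE, breaker)):
        print(f"{wd.ts} {wd.wallet:6} {wd.amount_usd:>9,.0f} -> {verdict}")
    print("tripped by:", breaker.tripped_by)
```

The breaker is deliberately sticky rather than per-request: once a budget is breached, the safe state is "no withdrawals from any hot wallet" until a human has looked at what tripped it, which is the state HyperDrop's users were told about above. Tightening the per-wallet budget and shortening the window trades a few false halts for a much smaller maximum loss per incident.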
ZachXBT has meanwhile traced the movement of the stolen funds. According to the blockchain detective, some of them have already been laundered through cryptocurrency exchanges including HitBTC, N Exchange, ChangeNow and Whitebit.
If ZachXBT’s claim that the payment provider has suffered another incident is confirmed, it implies that weaknesses remain in Coinspaid’s systems despite the lessons of the 2023 breach.
The previous theft was blamed on the Lazarus Group, an infamous hacking group allegedly supported and funded by the North Korean government. The hackers reportedly used sophisticated social engineering, including fake LinkedIn recruitment approaches offering Coinspaid staff high-paying jobs.
The attackers also used the JumpCloud platform to launch their attack, after spending six months researching the Coinspaid ecosystem. Their entry point was social engineering: an employee of the company was induced to install malicious code, which gave the attackers a foothold from which the attack itself proceeded quickly.