Popular Estonian crypto-payments gateway provider, CoinsPaid, has continued its operations following a cyber attack that occurred on July 22, 2023.
The malicious attack resulted in the theft of cryptocurrency worth $37.2 million, forcing the company to suspend operations for four days. However, CoinsPaid reassured its clients that their funds were not affected and were fully available. According to the company, the attack only affected the platform’s availability and their revenue.
CoinsPaid CEO, Max Krupyshev, reacting to the attack said, “After the partial downtime, our services are getting up and running one by one in the new secured environment. We expect it to take a few more days to sort out minor details and ensure the system works smoothly.” Recall that the majority of CoinsPaid’s clients are online casinos working on the SoftSwiss platform.
The resumption of its activities was announced through a blog post on the official platform’s website. Additionally, the firm attributed the attack to the notorious North Korean hacking organization, Lazarus Group. Despite the significant loss of money, CoinsPaid believes that the cybercrime group was chasing a larger target.
The statement reads, “We believe Lazarus expected the attack on CoinsPaid to be much more successful. In response to the attack, the company’s dedicated team of experts has worked tirelessly to fortify our systems and minimize the impact, leaving Lazarus with a record-low reward.”
An investigation has been launched by the company to trace and identify the stolen assets using numerous blockchain analytics tools. CoinsPaid is also receiving assistance from companies like Match Systems, OKCoinJapan, Binance, Chainalysis, Valkyrieinvest, Staked.us, and Crystal in the ongoing investigation. The Estonian law enforcement agency also received an official report three days after the attack and has joined in the tracking effort.
“CoinsPaid will recover and continue delivering first-class innovative payment solutions despite the incident. We have no doubt that the hackers won’t escape justice,” added Max Krupyshev.
While the company has not presented any concrete evidence linking the North Korean group to the attack, the incident reportedly bears similarities to Lazarus’ mode of operation. Other victims of the group include Alphapo ($23M), Atomic Wallet ($100M), Axie Infinity ($625M), and Sony $81M).