N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist

CoinsPaid’s internal systems were compromised, prompting the firm to temporarily halt operations for four days.


  • Crypto theft date: July 22, 2023
  • CoinsPaid strengthens systems post-attack
  • Blockchain security firms Chainalysis and Match Systems aid the investigation

Cryptocurrency payments platform CoinsPaid has reported a massive security breach that led to the theft of $37.3 million on 22nd July. The company suspects the notorious North Korean state-backed hacker organization, Lazarus Group, to be behind the attack. CoinsPaid’s internal systems were compromised, prompting the firm to temporarily halt operations for four days.

The Lazarus Group has a long history of targeting cryptocurrency platforms. The extent of the hack caused significant damage to the company’s balance sheet and platform, leading to a temporary shutdown. However, the firm clarified that customer funds remained secure during the incident.

In response to the breach, CoinsPaid immediately engaged a team of experts to fortify its systems and minimize the impact of the attack. Despite the substantial funds stolen, the company believes that the hackers aimed for a much higher sum. As a result, the Lazarus Group ended up with a “record-low reward.”

CoinsPaid CEO, Max Krupyshev, expressed confidence that the perpetrators would face justice and emphasized the company’s commitment to fully restore operations in a new, secure environment. As of now, the platform is gradually resuming transactions, but it may take a few more days to ensure everything runs smoothly.

CoinsPaid is back to processing after being hit by a hacker attack. Client’s funds were not affected and are fully available.

More details in our blog: https://t.co/XukI4ZTTLw

— CoinsPaid (@coinspaid) July 26, 2023

Collaboration with Estonian Law Enforcement and Blockchain Security Firms

In response to the breach, CoinsPaid promptly filed a report with Estonian law enforcement to investigate the incident further. The company is working closely with local authorities to track the looted funds allegedly taken by the Lazarus Group.

Furthermore, several blockchain security firms, including Chainalysis, Match Systems, and Crystal, have joined forces to assist in the preliminary investigation during the first few days following the attack. Their expertise will aid in identifying the perpetrators and strengthening CoinsPaid’s security measures.

The Lazarus Group remains an active and notorious hacking organization with links to the North Korean Government. Beyond the attack on CoinsPaid, the group has been involved in numerous sophisticated hacking operations, targeting blockchain technology companies and cryptocurrency platforms.

Their tactics often involve spear-phishing campaigns, the use of custom malware, and exploiting native operating systems. In the past, Lazarus Group was responsible for significant heists, including the $100 million Harmony Bridge hack and the $620 million Ronin Bridge theft.

CoinsPaid’s resolve to strengthen its security measures and cooperate with law enforcement and security experts showcases the ongoing efforts to combat cyber threats in the cryptocurrency industry. 
