CoinsPaid, the crypto payment processor, fell victim to a meticulously planned cyberattack on July 22. The scheme had been six months in the making, attributed largely to social engineering tactics, according to Max Krupyshev, the company’s co-founder and CEO.
This incident, while costing the company $37.3 million in losses, has underscored the unsettling reality that the human element remains the weakest link in the digital security chain.
Human Element: Achilles’ Heel
Max Krupyshev, in an exclusive interview reported by The Block, emphasized the significance of the human element’s vulnerability in the digital age.
“It’s evident from the nature of this attack that the human element remains the weakest link in the system, as our wallets were not compromised,” he said. This highlights how even the most sophisticated security systems can be compromised through cleverly orchestrated social engineering tactics, leaving no digital fortress entirely impenetrable.
Despite the devastating breach, CoinsPaid acted swiftly by reimbursing its gambling-focused clients from its own reserves, ensuring a remarkable recovery within just two days.
Krupyshev revealed that the company promptly alerted its clients on the day of the attack, followed by an official statement four days later, and a comprehensive breakdown of the attack. This commitment to transparency and responsibility helped restore confidence in CoinsPaid’s platform.
Cryptocurrencies tallied a market cap of $1.03 trillion today. TradingView.com
CoinsPaid: A Vigorous Pursuit Of Justice
CoinsPaid did not simply stop at reimbursement; it partnered with cybersecurity firm Match Systems to trace the stolen funds and identify the services used to launder them.
Krupyshev explained, “We are determined to pursue every avenue to freeze these illicit funds and bring the perpetrators to justice.” This relentless pursuit of justice is not only about recovering lost assets but also about sending a strong message to cybercriminals.
The attack on CoinsPaid bore eerie similarities to previous Lazarus Group cyberattacks, raising suspicions of the North Korean regime-linked cybercrime group’s involvement.
“As the investigation remains ongoing, we’re unable to share specific details about its progress,” Krupyshev commented. However, he pointed out that consistent withdrawal patterns observed in Lazarus Group’s previous targets, including the Atomic Wallet heist, have fueled these suspicions.
Learning From The Incident
CoinsPaid is determined to learn from this incident and fortify its defenses. The company is enhancing employee education regarding advanced social engineering tactics, including fake job offers, bribery attempts, and seemingly harmless tech inquiries that can compromise a company’s infrastructure. Additionally, access rights for operational processes are being restructured to minimize exposure risks.
As CoinsPaid continues to navigate the aftermath of this cyberattack, it stands as a stark reminder that no entity is impervious to cyber threats. The focus on human vulnerabilities, combined with a commitment to improved security measures, may serve as a turning point in the ongoing battle against cybercrime in the cryptocurrency industry.
(This site’s content should not be construed as investment advice. Investing involves risk. When you invest, your capital is subject to risk).
Featured image from iPleaders