Humans are the ‘weakest link’ when it comes to hacks: CoinsPaid CEO

By BitcoinWiki News

Key Takeaways:

– CoinsPaid experienced a meticulously planned cyberattack involving social engineering.
– The attack did not compromise CoinsPaid’s wallets, but caused significant losses for its gambling-focused clients.
– The company reimbursed its clients from its own reserves and restored normal operations within two days.
– CoinsPaid reconstructed the system and rewrote infrastructure code to mitigate the damage.
– There were initial concerns about the company’s response to the attack.
– CoinsPaid warned its clients about the attack and provided official statements later.
– The company collaborated with cybersecurity firm Match Systems to freeze funds and identify money laundering services.
– The hack’s similarities to Lazarus Group attacks fueled suspicions of the North Korean regime’s involvement.
– There are suggestions of a link between the CoinsPaid hack and the Alphapo hack.
– Social engineering exploits have become more sophisticated, requiring the crypto industry to adopt new approaches to combat them.
– CoinsPaid is enhancing employee education on advanced social engineering and changing access rights for operational processes.
– Collaborations with white hat hackers are planned to strengthen system security.
– Vigilance, employee training, monitoring systems, and transparency with clients are crucial in defending against social engineering and phishing threats.
– Companies in the crypto space should collaborate, share knowledge, and develop better security practices.


Crypto payment processor CoinsPaid experienced a cyberattack that was six months in the making and involved social engineering, according to CEO Max Krupyshev. The hack resulted in $37.3 million in losses for the company, which it reimbursed to its clients from its own reserves. CoinsPaid’s programmers quickly reconstructed the system and rewrote the infrastructure code to minimize damage. There were concerns about the company’s initial silence on the matter, but CoinsPaid later sent warnings to its clients and provided updates on the situation. The company worked with a cybersecurity firm to freeze funds and identify the services used to launder them. The attack has raised suspicions of the involvement of the Lazarus Group, a North Korean regime-linked cybercrime group.

CoinsPaid is now taking steps to improve employee education on social engineering and changing access rights to limit exposure risks. The company also plans to collaborate with white hat hackers to enhance system robustness. Krupyshev emphasized the importance of remaining vigilant against social engineering and phishing threats in the crypto space and called for companies to collaborate and develop better security practices.
