
The CoinsPaid Hack Explained: We Know Exactly How Attackers Stole and Laundered $37M USD – lessons learned

21/08/2023: CoinsPaid (CP) investigated the hacker attack of July 22nd, 2023, which resulted in the theft of 37.3M USD. In collaboration with Match Systems, a top cybersecurity firm, CP traces the perpetrators' steps minute by minute and identifies the services and platforms used to launder the funds. Based on its internal investigation, CP has reason to suspect that the top-tier hacker group Lazarus may be behind the attack on CoinsPaid. The hackers employed the same tactics and money laundering schemes that Lazarus had used in the recent Atomic Wallet heist.

Billed by the media as one of the "top cyber threat groups around the globe in today's time", the Lazarus Group is responsible for hacking campaigns worldwide. Although the number of members and their names have not been identified conclusively, this cybercrime organisation is linked to the North Korean government.

  • From 2009 to 2013, "Operation Troy", the first significant attack attributed to Lazarus, targeted government websites in the United States and South Korea.
  • In 2014, Lazarus gained global recognition for its Sony Pictures hack: the perpetrators released the company's confidential documents, including information about employees, their work contracts and even their family members.
  • In 2017, Lazarus struck again: the WannaCry ransomware attack was a worldwide cyberattack in May 2017 that targeted computers running the Microsoft Windows operating system, encrypting data and demanding ransom in Bitcoin. The hack lasted 4 days and infected 300,000+ computers worldwide.

Lessons Learned from the Hack

  1. This unfortunate incident gave CoinsPaid valuable experience and insights that can help decrease both the number of hacking incidents in the crypto market and the scale of their impact on the industry.
  2. Here is a list of practical tips, compiled by security experts, that other cryptocurrency providers can implement to significantly strengthen their protection against hackers.
    • Do not ignore cybersecurity incidents, i.e. attempts to break into your company's infrastructure, social engineering, phishing, etc. This may be a sign of hackers preparing for a major attack.
    • Explain to your employees how perpetrators use fake job offers, bribery, and even requests for harmless tech advice to gain access to the company's infrastructure.
    • Implement security practices for privileged users.
    • Implement the principles of Separation of Duties and Least Privilege.
    • Ensure the protection of employees' workstations.
    • Keep infrastructure components up to date.
    • Segment networks and implement authentication and encryption between infrastructure components.
    • Create a separate security log store to upload all relevant events.
    • Set up a monitoring and alerting system for all suspicious activity in your infrastructure and applications.
    • Create an honest violator model and take measures adequate to the threats and risks that your business bears.
    • Keep track of operating balances and monitor them for unusual movement and behaviour.
    • Reduce the funds available for the company's operation to the necessary minimum.

