CoinsPaid, a cryptocurrency payments processor, reported a hacking incident on July 22 in which $37.3 million was stolen. The company attributes the attack to Lazarus Group, a state-backed North Korean hacking organisation widely considered one of the most sophisticated cyber threat actors in the world. Despite the theft, CoinsPaid stated that customer funds remain intact — the losses came from the company's own operational reserves.
The Attack Method
CoinsPaid disclosed that Lazarus Group spent approximately six months conducting a social engineering campaign against the company's employees before executing the hack. The attackers reportedly used fake job offers on LinkedIn to target engineers, sending them "technical tests" that contained malware. Once a foothold was established, the hackers quietly mapped the company's internal systems before extracting funds in a single coordinated move.
The Broader Lazarus Threat
Lazarus Group has been linked to over $3 billion in crypto theft since 2017, making it the single most prolific crypto hacking entity in history by value stolen. The group's preferred method of initial access has increasingly shifted toward social engineering of employees rather than direct protocol exploits. Companies in the crypto sector are urged to implement strict policies around the downloading of external code, particularly from recruitment-related communications.
Have You Been Scammed?
Open a case today and let our experts begin the recovery process. A case-opening fee applies; full refund if unsuccessful.