CoinsPaid, a Ukrainian crypto payment processing firm registered in Estonia, recently suffered a social engineering attack, losing an estimated $37.3 million in crypto assets, CoinDesk reports. The hack, believed to be linked to the North Korean Lazarus Group, highlights the ongoing threat from industrious cybercriminal groups targeting centralized entities.

The attackers had been targeting CoinsPaid for months before the theft, using phishing, social engineering, and distributed denial-of-service (DDOS) attacks. In July, some employees received fake job offers from LinkedIn accounts posing as recruiters from other crypto companies. When employees installed malicious software presented as work-related tools, the attackers gained access to CoinsPaid's infrastructure.

Following the incident, CoinsPaid's CEO emphasized the importance of digital hygiene and adequate staff training to combat all forms of cybercrime.