TL;DR
- CoinStats temporarily shut down its app after a security breach on June 22, affecting 1,590 user wallets, allegedly by hackers linked to North Korea.
- The company suspended all activities and advised affected users to transfer their funds using exported private keys, publishing a list of affected wallets on Google.
- There were also fraudulent notifications directing users to a fake wallet, increasing the urgency for users to secure their funds.
CoinStats, a well-known cryptocurrency portfolio tracking app, has temporarily shut down its operations after experiencing a security breach on June 22. The incident affected 1,590 user wallets, approximately 1.3% of all the wallets managed by the app. Preliminary reports suggest that the attack was carried out by hackers linked to North Korea.
CoinStats responded immediately to the situation. The company decided to suspend all user activities and temporarily shut down the app. Additionally, they advised affected users to urgently transfer their funds using exported private keys. To facilitate this process, they published a Google document with a list of the affected wallets, warning that this list might be updated as the investigation progresses.
We are currently experiencing a security incident affecting wallets created directly within CoinStats; this does not impact externally connected wallets.
If you have your private key exported, move your funds ASAP.
— CoinStats (@CoinStats) June 22, 2024
Besides the security issue, some iOS and Android users received fraudulent notifications claiming they had won a 14.2 ETH prize. These notifications directed users to log into a fake CoinStats AirScout wallet via a fraudulent website. Worryingly, these scams were distributed through push notifications and in-app messages.
Complications for CoinStats
The CoinStats team, led by CEO Narek Gevorgyan, is working hard to investigate the extent of the attack and its underlying causes. At the same time, they are implementing security measures to restore the production environment and reactivate the app as soon as possible. During this period, users have been urged to stay alert for potential scammers who might exploit the situation to offer false help.
The breach has raised concerns about possible vulnerabilities in the wallet generation process and the storage of private keys on the company’s servers. It is speculated that the attackers may have discovered patterns in the randomness of the wallet generation process, allowing them to predict private keys and compromise user funds. Although no connected wallets or API connections have been reported as affected, some users have claimed that other wallets linked to DeFi features were drained. However, these claims have not yet been confirmed.
CoinStats has assured users that connected wallets, which only require read-only access, remain safe under any conditions. Despite the issues, the company remains committed to strengthening security and restoring user trust.
