Popular cryptocurrency tracking app CoinStats has released additional details related to a June security breach.
According to the company, “…a sophisticated (and we believe state-sponsored) attacker gained access to the private keys of exactly 1,590 CoinStats wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency,” CoinStats wrote in a recent incident report. The company believes the infamous Lazarus Group or another similar state-sponsored hacking group was responsible for this attack.
According to the report, the attackers compromised several services associated with CoinStats, which stores the private keys for user-created wallets, “…by combining unauthorized intrusions into multiple services, including those outside of CoinStats.” Experts such as Taylor Monahan, senior security researcher at ZachXBT and MetaMask, are tracking the funds, and the attack has been reported to law enforcement, the report says.
CoinStats previously reported that attackers hijacked the platform and sent fraudulent notifications to mobile users in June, warning them to transfer funds from wallets created on the platform. The attack affected 1,590 wallets, or 1.3% of all CoinStats wallets, according to the company.
Since the breach, the company has completely rebuilt the platform environment, ensuring that “no part of the existing infrastructure is being used to ensure the integrity of the new setup,” and has contracted a new infrastructure auditor. As a result, the platform is back up and running normally, and the company has found no evidence of user data being stolen, but the report warns CoinStats users to be on the lookout for potential phishing attacks targeting CoinStats-related email addresses as a precaution.
The company also created a form asking attack victims to verify their identity by August 15 “to be eligible for future support from the CoinStats team,” but did not share specifics regarding the refund of the stolen funds.
Disclaimer: The Block is an independent media outlet providing news, research and data. As of November 2023, Foresight Ventures is the largest investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information on the cryptocurrency industry. Below are the current financial disclosures.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be legal, tax, investment, financial or other advice.