CoinStats temporarily shuts down, advises users to transfer their funds

By Charles Thuo
  • CoinStats has temporarily shut down its app after the June 22 security breach.
  • Users are advised to transfer funds immediately using exported private keys.
  • Scam notifications have been distributed through the CoinStats push notification and an in-app message.

On June 22, CoinStats, a prominent cryptocurrency portfolio tracking app, experienced a significant security breach impacting 1,590 user wallets, representing about 1.3% of all the portfolio tracker wallets.

The incident, believed to be perpetrated by hackers linked to North Korea, led to immediate action from the crypto portfolio tracker, including temporarily shutting down the app and advising users to transfer their funds using exported private keys.

CoinStats security breach: what we know so far

According to an update shared by CoinStats on X, the breach affected 1,590 wallets generated directly within the app.

The hackers, suspected to have connections with North Korea, reportedly managed to compromise these wallets while leaving connected wallets and centralized exchanges (CEXes) unaffected, raising significant concerns about the security of the wallet generation process and the storage of private keys within CoinStats.

Upon discovering the breach, the crypto portfolio tracker took swift action to mitigate the attack by suspending all user activity and temporarily shutting down the application.

In addition, the CoinStats team advised users with affected wallets to move their funds immediately using their exported private keys.

To assist users, CoinStats published a Google document listing the affected wallets, with a note that the list might change as the investigation progresses.

Scam notification sent to some CoinStats users

Besides the security breach on June 22, the cryptocurrency portfolio tracker also faced an additional issue with a scam notification sent to some iOS and Android users.

The notification falsely claimed users had won a 14.2 ETH prize and directed them to log into a fraudulent CoinStats AirScout wallet via a Drainer website.

Interestingly, this scam was distributed through a CoinStats push notification and an in-app message, adding another layer of urgency for affected users to secure their funds.

Investigations are currently ongoing

The CoinStats team, led by CEO Narek Gevorgyan, is actively investigating the extent of the compromised funds and the cause of the attack.

They are restoring the production environment with enhanced security measures and aim to bring the app back online swiftly.

During this period, users have been advised to remain vigilant against potential scammers who may exploit the situation by pretending to offer help.

The breach has sparked concerns about the potential weaknesses in the wallet generation process and private key storage on CoinStats’ servers.

Speculation suggests that attackers may have gained insights into the randomness of the wallet generation process, enabling them to predict private keys and compromise user funds.

While no connected wallets or API connections have been reported as affected, some users have claimed that other wallets connected to DeFi features were drained. However, these claims remain unconfirmed.

The crypto portfolio tracker has assured users that connected wallets, which require only read-only access, remain safe under any conditions.