Breached wallets should ‘move funds immediately’
CoinStats, a cryptocurrency portfolio management platform, has reported a security breach affecting many user wallets.
On June 22, CoinStats reported a security incident impacting wallets created directly within the app. The company assures users that externally connected wallets and centralized exchanges (CEXs) remain unaffected.
CoinStats urged users with exported private keys to move their funds immediately. See below.
According to the CoinStats team, only 1,590 of all CoinStats wallets were affected, or 1.3%.
Although the list of affected wallets might change as the investigation continues, significant changes are not expected.
CoinStats has suspended user activity and taken the app offline to investigate the incident thoroughly. The company has assured users that the attack has been contained and will continue to provide updates as more information becomes available.
The hack enabled the bad actors to send fraudulent notifications to iOS and Android users, falsely promising rewards and prompting them to access the CoinStats AirScout wallet.
Clicking on the link led users to a drainer website, promoted through a push notification from CoinStats and an official in-app alert on the home screen.
While the company has not disclosed the cause of the attack, the incident has sparked concerns about the security of private keys stored on their server and the randomness of wallets generated within the app.
CoinStats also uploaded a Google document containing a list of all crypto wallets affected by the attack. Owners whose wallet addresses appear on this list are advised to transfer their funds promptly using exported private keys.
The company is actively investigating the extent of the funds moved and will provide updates as soon as possible. Coinstat expressed gratitude for users’ patience during this period.
The security breach has rattled the cryptocurrency community, leading industry experts to advise victims to be wary of fraudulent rescue efforts.
Crypto security challenges remain
On June 5, CoinGecko confirmed that its third-party email management platform, GetResponse, had experienced a data breach.
The hack exposed the personal info for pver 1.9 million CoinGecko users.
A compromised employee account allowed attackers to access users’ names, email addresses, IP addresses, email open locations, and additional metadata such as sign-up dates and subscription plans.
While CoinGecko ensured that user accounts and passwords remained secure, the attackers used the compromised data to send 23,723 phishing emails to affected contacts.
Phishing attacks are commonly used by cybercriminals to steal sensitive information like cryptocurrency wallet private keys or deceive users into sending funds to fraudulent addresses.
The CoinGecko data breach adds to a series of security incidents impacting the cryptocurrency industry.
Another significant threat to investors is the “rug pull” scam, which occurs when developers abandon a cryptocurrency project after raising funds from investors.
Earlier this month, Yang Qichao, a college student in China, was sentenced to 4.6 years in prison for orchestrating a $300,000 rug pull scam in the cryptocurrency market. Yang created a token named BFF and deceived investors with promises of high returns.
The fraudulent scheme was exposed, leading to Yang being held responsible for his actions and receiving a substantial prison term.
This case underscores the serious consequences of fraudulent activities within the crypto industry.