- CoinStats has temporarily shut down its app after the June 22 security breach.
- Users are advised to transfer funds immediately using exported private keys.
- Scam notifications have been distributed through the CoinStats push notification and an in-app message.
On June 22, CoinStats, a prominent cryptocurrency portfolio tracking app, experienced a significant security breach impacting 1,590 user wallets, representing about 1.3% of all the portfolio tracker wallets.
The incident, believed to be perpetrated by hackers linked to North Korea, led to immediate action from the crypto portfolio tracker, including temporarily shutting down the app and advising users to transfer their funds using exported private keys.
CoinStats security breach: what we know so far
According to an updated shared by CoinStats on X, affecting 1,590 wallets generated directly within the app.
The hackers, suspected to have connections with North Korea, reportedly managed to compromise these wallets while leaving connected wallets and centralized exchanges (CEXes) unaffected, raising significant concerns about the security of the wallet generation process and the storage of private keys within CoinStats.
Upon discovering the breach, the crypto portfolio tracker took swift action to mitigate the attack by suspending all user activity and temporarily shutting down the application.
In addition, the CoinStats team advised users with affected wallets to move their funds immediately using their exported private keys.
To assist users, CoinStats published a Google document listing the affected wallets, with a note that the list might change as the investigation progresses.
Scam notification sent to some CoinStats’ users.
Besides the security on June 22, the cryptocurrency portfolio tracker also faced an additional issue with a scam notification sent to some iOS and Android users.
The notification falsely claimed users had won a 14.2 ETH prize and directed them to log into a fraudulent CoinStats AirScout wallet via a Drainer website.
Hey frens,
Some iOS users received a scam notification. We’re investigating it.
Sorry for the inconvenience. We’ll update you ASAP.
Thanks for your understanding. pic.twitter.com/8CRBrC6JxB
— CoinStats (@CoinStats) June 22, 2024
Interestingly, this scam was distributed through a CoinStats push notification and an in-app message, adding…