Key Insights
- CoinStats reports a sophisticated cyber attack resulting in the theft of $2.2 million worth of cryptocurrency from 1,590 user wallets.
- The company has completely rebuilt its platform environment, engaged new infrastructure auditors, and restored full operations while warning users about potential phishing risks.
- CoinStats has set an August 15 deadline for affected users to identify themselves for potential future support.
SAN FRANCISCO (MarketsXplora) – Cryptocurrency tracking app CoinStats has disclosed that a sophisticated cyber attack, potentially linked to a nation-state affiliated group, resulted in the theft of approximately $2.2 million worth of digital assets from user wallets in June.
In an incident report released late Thursday, CoinStats stated that the breach affected 1,590 wallets, representing 1.3% of all wallets on the platform. The company suspects the infamous Lazarus Group or a similar state-sponsored hacking outfit may be behind the attack.
“The attacker managed to access private keys through a combination of unauthorized intrusions across multiple services – including outside of CoinStats,” a company spokesperson told MarketsXplora.
The breach, first reported in June, involved the hijacking of the platform to send fraudulent notifications to mobile users. CoinStats had initially advised users to transfer funds out of platform-created wallets as a precautionary measure.
CoinStats Rebuilds Platform After $2.2 Million Crypto Heist
Following the incident, CoinStats has undertaken a complete rebuild of its platform environment.
“We’ve ensured no parts of the old infrastructure were used to guarantee the integrity of the new setup,” the spokesperson added.
The company has engaged new infrastructure auditors and restored full platform operations. While no evidence of user data theft has been found, CoinStats warned users to remain vigilant against potential phishing attacks targeting associated email addresses.
Tracing of the stolen funds is ongoing, with blockchain analysts like ZachXBT and MetaMask’s principal security researcher Taylor Monahan assisting in the investigation. The incident has been reported to law enforcement agencies.
CoinStats has established an August 15 deadline for affected users to identify themselves through a form for potential future support. However, the company declined to provide specific details regarding reimbursement plans for stolen funds.