- CoinStats halts app after breach impacts 1,590 wallets; connected wallets and CEXes unaffected, investigation ongoing.
- Users received scam notifications leading to a wallet-drainer site; CoinStats advises moving funds immediately from affected wallets.
- Concerns arise over private key storage and wallet generation process; no confirmed impact on shared wallets or API connections.
Cryptocurrency portfolio manager CoinStats has temporarily suspended user activity after a security breach impacted 1,590 crypto wallets, representing 1.3% of all CoinStats Wallets. The company assured users that connected wallets and centralized exchanges (CEXes) remained unaffected. CoinStats promptly isolated the incident by shutting down the application, as announced in a June 22 post on X.
Details of the Breach
The breach primarily targeted CoinStats-generated wallets. Users reported receiving scam notifications on iOS and Android devices, falsely claiming a 14.2 ETH reward and directing them to log into the CoinStats AirScout wallet. These notifications, delivered as a push notification and an in-app message on the app’s home screen, led to a wallet-drainer website. CoinStats is actively investigating this issue and has apologized for the inconvenience caused.
User Instructions and Safety Measures
CoinStats has advised users with affected wallets to move their funds immediately using their exported private keys if available. The company has provided a Google document listing the affected wallets, noting that the list might change as the investigation progresses but significant updates are not expected. Users are warned to be cautious of scammers who may exploit the situation by pretending to offer assistance.
Investigation and Potential Vulnerabilities
While CoinStats has not yet disclosed the cause of the attack, there are concerns about whether private keys were stored on its server and about the randomness of wallets generated within the app. The ability of attackers to send a malicious push notification suggests they may have gained insights into the wallet generation process, potentially predicting private keys and compromising user funds.
Current Status and User Safety
No wallets or API connections shared with the CoinStats portfolio application appear to have been affected. However, some users have reported that other wallets connected for DeFi features have been drained, although these reports remain unconfirmed by CoinStats. The app remains down as the investigation continues, with CoinStats promising updates as more information becomes available.
Precautionary Advice
CoinStats reminds users to stay vigilant against unexpected competitions or rewards in the crypto space and to use hardware wallets for securing critical funds. The company expressed gratitude for users’ patience and emphasized its commitment to restoring the app’s functionality as swiftly as possible.