- CoinStats halts app after breach impacts 1,590 wallets; connected wallets and CEXes unaffected, investigation ongoing.
- Users received scam notifications leading to a Drainer site; CoinStats advises moving funds immediately from affected wallets.
- Concerns arise over private key storage and wallet generation process; no confirmed impact on shared wallets or API connections.
Cryptocurrency portfolio manager CoinStats has temporarily suspended user activity after a security breach impacted 1,590 crypto wallets, representing 1.3% of all CoinStats Wallets. The company assured users that connected wallets and centralized exchanges (CEXes) remained unaffected. CoinStats promptly isolated the incident by shutting down the application, as announced in a June 22 post on X.
Read CRYPTONEWSLAND on
google news
Details of the Breach
The breach primarily targeted CoinStats-generated wallets. Users reported receiving scam notifications on iOS and Android devices, falsely claiming a 14.2 ETH reward and directing them to log into the CoinStats AirScout wallet. These notifications led to a Drainer website, promoted via a push notification and in-app message on the app’s home screen. CoinStats is actively investigating this issue and has apologized for the inconvenience caused.
User Instructions and Safety Measures
CoinStats has advised users with affected wallets to move their funds immediately using their exported private keys if available. The company has provided a Google document listing the affected wallets, noting that the list might change as the investigation progresses but significant updates are not expected. Users are warned to be cautious of scammers who may exploit the situation by pretending to offer assistance.
Investigation and Potential Vulnerabilities
While CoinStats has not yet disclosed the cause of the attack, there are concerns about whether private keys were stored on their server and the randomness of wallets generated within the app. The ability of attackers to send a malicious push notification suggests they may have gained insights into the wallet generation process, potentially predicting private keys and compromising user funds.
Current Status and User Safety
No wallets or API connections shared with the CoinStats portfolio application appear to have been affected. However, some users have reported that other wallets connected for DeFi features have been drained, although these reports remain unconfirmed by CoinStats. The app remains down as the investigation continues, with CoinStats promising updates as more information becomes available.
Precautionary Advice
CoinStats reminds users to stay vigilant against unexpected competitions or rewards in the crypto space and to use hardware wallets for securing critical funds. The company expressed gratitude for users’ patience and emphasized its commitment to restoring the app’s functionality as swiftly as possible.
Read also
disclaimer read moreCrypto News Land (cryptonewsland.com)
