CoinStats Temporarily Shuts Down App Following Security Breach

• CoinStats halts app after breach impacts 1,590 wallets; connected wallets and CEXes unaffected, investigation ongoing.
• Users received scam notifications leading to a Drainer site; CoinStats advises moving funds immediately from affected wallets.
• Concerns arise over private key storage and wallet generation process; no confirmed impact on shared wallets or API connections.

Cryptocurrency portfolio manager CoinStats has temporarily suspended user activity after a security breach impacted 1,590 crypto wallets, representing 1.3% of all CoinStats Wallets. The company assured users that connected wallets and centralized exchanges (CEXes) remained unaffected. CoinStats promptly isolated the incident by shutting down the application, as announced in a June 22 post on X.

Read CRYPTONEWSLAND on google news

Details of the Breach

The breach primarily targeted CoinStats-generated wallets. Users reported receiving scam notifications on iOS and Android devices, falsely claiming a 14.2 ETH reward and directing them to log into the CoinStats AirScout wallet. These notifications led to a Drainer website, promoted via a push notification and in-app message on the app’s home screen. CoinStats is actively investigating this issue and has apologized for the inconvenience caused.

User Instructions and Safety Measures

CoinStats has advised users with affected wallets to move their funds immediately using their exported private keys if available. The company has provided a Google document listing the affected wallets, noting that the list might change as the investigation progresses but significant updates are not expected. Users are warned to be cautious of scammers who may exploit the situation by pretending to offer assistance.

Investigation and Potential Vulnerabilities

While CoinStats has not yet disclosed the cause of the attack, there are concerns about whether private keys were stored on their server and the randomness of wallets generated within the app. The ability of attackers to send a malicious push notification suggests they may have gained insights into the wallet generation process, potentially predicting private keys and compromising user funds.

Current Status and User Safety

No wallets or API connections shared with the CoinStats portfolio application appear to have been affected. However, some users have reported that other wallets connected for DeFi features have been drained, although these reports remain unconfirmed by CoinStats. The app remains down as the investigation continues, with CoinStats promising updates as more information becomes available.

Precautionary Advice

CoinStats reminds users to stay vigilant against unexpected competitions or rewards in the crypto space and to use hardware wallets for securing critical funds. The company expressed gratitude for users’ patience and emphasized its commitment to restoring the app’s functionality as swiftly as possible.

Read also

• Binance Upgrades Wallet Infrastructure, XRP Users Beware
• Binance Upgrades Wallet Infrastructure, Retires Old Deposit Addresses
• Coinbase “Temporarily Shutting Down” US Affiliate Marketing Program
• Transfers to Temporarily Pause For GEN 3.0 Exchange
• IRS Temporarily Suspends $10,000 Crypto Reporting for Businesses