CoinStats, a popular cryptocurrency portfolio tracker, fell victim to a security breach affecting 1,590 wallets created directly within its application. The incident, which happened late Saturday, prompted immediate action from the CoinStats team, resulting in the temporary shutdown of the application to contain and investigate the breach.
CoinStats swiftly addressed the issue on its X platform, reassuring the community that the security incident had been mitigated and that the application had been temporarily shut down to prevent further damage. The platform later confirmed that only wallets created directly within CoinStats were affected, not externally connected wallets.
How It Started
CoinStats experienced a security breach on Saturday, when users began noticing unusual activity. Suspicious notifications were sent to users claiming reward eligibility, but the notifications led to a shady website asking users to download another application.
“I just got a notification from Coin Stats saying that I won 14.2 ETH. I know this is probably complete bs but I thought that CoinStats was a legit platform. Unfortunate that they’re baiting people to open the app with fake reward notifications…” one of the users commented on Reddit.
The incident has led to a sophisticated phishing scam, with users receiving notifications claiming they won a giveaway. The messages, received by both iOS and Android users, are believed to be part of the security incident.
CoinStats later confirmed the breach on X, apologizing for the inconvenience and promising to update users ASAP.
CoinStats Temporarily Shuts Down
CoinStats temporarily shut down the application and kept the platform offline while it investigated the breach. The quick response of the CoinStats team limited the impact to 1.3% of all wallets (1,590 wallets).
“The list of affected wallets may change as the investigation continues, but significant changes are not expected,” CoinStats said in an official statement on X.
CoinStats emphasized that this incident has not impacted users with externally connected wallets and exchanges.
“Users whose wallets were affected are advised to move their funds immediately using their exported private key. CoinStats is working diligently to bring the app back online as soon as possible and appreciates the patience of its users,” CoinStats added.
The portfolio tracker shared a Google Doc file listing affected wallets to aid users in relocating their funds as CoinStats transitioned its platform to read-only mode. Investigations into the breach’s full extent continue, with initial assessments suggesting damage might be contained, despite individual claims such as one user alleging funds were drained from an external wallet due to the breach.
CoinStats pledged ongoing updates as it investigated further, promising clarity on the attack’s actual impact in subsequent communications. At press time, CoinStats was still unavailable for use.
CoinStats Initiates Refunds Following Security Breach
“CoinStats User Refunds are Now Live. Due to the recent exploit, all users are being issued a compensatory refund,” CoinStats tweeted on Sunday.
Users impacted by the recent security breach are being issued a compensatory refund following the incident. The portfolio tracking firm dropped a link via its X account that allowed users to check their eligibility and get refunded for their losses.
This refund process aimed to compensate all users affected by the exploit, ensuring they received appropriate restitution for any losses incurred. CoinStats has implemented stringent security measures to prevent future breaches and safeguard user funds.