Popular cryptocurrency portfolio tracker CoinStats is struggling with a security breach that exposed users’ wallets and sent fraud alerts to mobile devices. The company took the drastic step of completely shutting down its platform while the incident was investigated.
The breach, confirmed by CoinStats on their official social media channel, affected an as yet undetermined number of wallets created by users on the app. CoinStats urges all users who have created wallets on its platform to immediately transfer their cryptocurrency holdings to minimize potential losses.
While the exact number of affected users is still under investigation, CoinStats advises all wallet users to move their funds to a protected location as soon as possible, a spokesperson said.
We are currently experiencing a security incident affecting wallets created directly in CoinStats; externally connected wallets are not affected.
If you have exported your private key, transfer your funds as soon as possible.
— CoinStats (@CoinStats) June 22, 2024
A phishing scam lures users with counterfeit rewards
The security breach was sophisticated impersonation. CoinStats users, especially those using iOS devices, received notifications congratulating them on winning a significant amount of cryptocurrency, specifically 14.2 ETH (Ethereum). Clicking on the notification likely led users to a malicious website designed to steal their private keys and drain their wallets.
These scams are becoming more and more common. Hackers take advantage of users’ emotions related to the possibility of quick profits in the crypto space. It is very crucial to be wary of unwanted messages, especially those promising rewards or requiring urgent action.
Transparency is about the cloud. Problem
CoinStats maintains that the breach only affected internal wallets created on their app. They assure users that externally connected wallets and those held on centralized exchanges (CEX) remain protected. However, some users have reported unauthorized transactions even on their external wallets, which casts doubt on CoinStats’ claims.
The company was also criticized for its lack of transparency. The full extent of the damage, including the number of wallets hacked and the total amount of cryptocurrency stolen, remains unknown. CoinStats promised a detailed report on the incident, but did not provide a time frame for its publication.
The CoinStats breach is a stark reminder of the evolving cybersecurity threats in the cryptocurrency space. As the industry evolves, so do the efforts of malicious actors to target user funds.
Featured image from Mashable, chart from TradingView
