Pierluigi Paganini
June 24, 2024
The cryptocurrency portfolio management and tracking platform CoinStats suffered a massive security breach. Alleged North Korea threat actors have compromised 1,590 cryptocurrency wallets.
CoinStats allows users to monitor their cryptocurrency holdings across various exchanges and wallets in a single platform. The incident only impacted the users who hosted their wallets on CoinStats.
To mitigate the incident, the platform temporarily shut down the application.
Update on the Security Incident
— CoinStats (@CoinStats) June 22, 2024
The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.
1. None of the connected wallets and CEXes were impacted.
2. Thanks to the immediate incident reponse from the CoinStats team,…
The company explained that only 1.3% of all hosted wallets were compromised by the attackers.
The investigation is still ongoing and the number of impacted wallets could increase, but the company states that they don’t expect significant changes.
In a message published on X, the company shared a link to a list of the affected wallets.
The company shared a list of impacted wallets on this spreadsheet, but some users reported that funds were stolen from wallets that were not on this list. Therefore, the actual scope of the incident might be more significant than what CoinStats has verified.
The CEO of the company announced on X that they possess significant evidence indicating a North Korea-linked APT group conducted the attack.
North Korea-linked APT groups are known for carrying out attacks against cryptocurrency exchanges.
At this time, it’s unclear if the attackers have stolen users’ funds.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cryptocurrency)
