Highlights:
- CoinStats exploit affected 1,590 wallets, leading to nearly $1 million in ETH being moved to Tornado Cash.
- CertiK reported two wallets linked to the CoinStats exploit moved $959,000 in ETH to a crypto mixer.
- CoinStats initiated security enhancements and restored full functionality by July 3 following the breach.
CoinStats has revealed new developments in its investigation into a significant security breach that occurred on June 22. According to blockchain security firm CertiK, two wallets linked to the exploit have transferred 311 ETH, worth approximately $959,000, to Tornado Cash. This move has raised alarms within the crypto community.
Tornado Cash anonymizes transactions by mixing potentially identifiable funds with many others, a method hackers commonly use to launder stolen cryptocurrencies. CertiK’s report indicated that one wallet transferred 211 ETH while another sent 100 ETH to the mixer.
Two wallets linked to EOA
0xb48b, labeled CoinStats Exploiter 31, have deposited a combined 311 ETH (~$960k) to @TornadoCashEOA 0xe0994eD541e6E6dc053Fd9eB03A32f3d9A9876C6 still holds 221 ETH 👇 pic.twitter.com/amrsTvOSTn
— CertiK Alert (@CertiKAlert) July 9, 2024
The community has reacted strongly to the breach, with some users reporting significant losses. One wallet allegedly lost almost $9 million in Maker (MKR), underscoring the severity of the exploit. CoinStats has communicated transparently the steps taken to mitigate the attack and improve security.
Details of the Security Breach
The June 22 breach affected 1,590 wallets on CoinStats, a popular crypto portfolio manager. CoinStats promptly suspended user activity and shut down the application to contain the incident. The company reassured users that the attack did not impact connected wallets or centralized exchanges. Users were advised to safeguard their funds using exported private keys.
Update on the Security Incident
The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.
1. None of the connected wallets and CEXes were impacted.
2. Thanks to the immediate incident reponse from the CoinStats team,…
— CoinStats (@CoinStats) June 22, 2024
On June 26, CoinStats CEO Narek Gevorgyan explained the breach, revealing that attackers compromised their AWS infrastructure through a social engineering attack. After being tricked, an employee downloaded malicious software, granting the attackers access to the system. However, Gevorgyan empathized with the affected users and emphasized the company’s commitment to supporting them.
Enhancing Security Measures
CoinStats has been working diligently to secure its platform since the breach. On June 30, the company announced that it was optimizing its transaction database and transitioning to a new platform to enhance efficiency and reliability. The compnay intended to bolster the security of their systems with these upgrades and audits.
Quick updates! Currently, we're focused on:
– Optimizing our transaction database and migrating to a more robust platform for improved efficiency and reliability.
– Enhancing our security systems with upgrades and audits to ensure top-notch data protection.
— CoinStats (@CoinStats) June 30, 2024
By July 3, CoinStats had restored full functionality to its platform, allowing users to resume normal activities. The company continues investigating the incident and taking additional measures to secure its infrastructure.
In a July 5 update, CoinStats stated that the investigation is ongoing and is implementing actions to ensure the security of its new infrastructure. The firm also mentioned that it would share additional information soon, including measures to support the victims of the breach.
The crypto community has reacted strongly to the breach and the subsequent funds transfer. In addition, users have reported substantial losses, and there is a heightened awareness of the need for improved security measures across the industry. CoinStats remains committed to enhancing its security infrastructure and supporting affected users. Moreover, the company has proactively communicated its steps to address the breach and prevent future incidents.
Learn More
- Next Cryptocurrency to Explode in July 2024
- Crypto Price Predictions
- Best Solana Meme Coins to Buy In 2024
- Pepe Price Forecast: Is the Meme Coin Poised for a Recovery Beyond $0.00001?