Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
CoinStats Suspends User Activity After Security Breach Affecting 1,590 Wallets


  • CoinStats faces security breach affecting 1,590 wallets; urges immediate fund transfer. 
  • Scam notification offers fake rewards to CoinStats users, prompting platform shutdown for investigation.
  • June sees a surge in crypto security breaches: BtcTurk, CoinGecko, and Defiance Capital are among the prominent victims.

Cryptocurrency portfolio management company CoinStats has temporarily suspended user activity after a security breach that affected 1,590 crypto wallets.

In a June 22 post, Coinstats wrote:

“The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.”

Due to the swift response from the CoinStats team, only “1.3% of all CoinStats wallets were affected, totaling 1,590 wallets,” the statement added while asserting that “none of the connected wallets and CEXes were impacted.” The portfolio manager assured users on its website that their assets are “perfectly safe under any conditions,” as the app only requires “read-only access” to connected crypto wallets. The “read-only access” feature in CoinStats allows users to monitor details of all linked crypto wallets, including balances and transactions, without the ability to transfer funds or make modifications.

CoinStats Users Received Scam Notification Promising Rewards

The incident featured a phishing notification on iOS falsely claiming users had won 14.2 ETH in a rewards competition, later identified as a scam. Some Android users have also reported receiving similar notifications. Many complained about an advertisement for a fake website that tried to install a configuration program on iOS devices.

CoinStats shut down the platform for investigation and placed a placeholder on its homepage, promising a detailed report on the incident soon.

CoinStats hack
Source: CoinStats

According to Reddit user Duneswinton, before the platform went offline, the app displayed an advertisement for a fake website that tried to deceive users into installing a configuration program on iOS. This program is possibly intended to serve as a backdoor for attackers to access the affected devices.

Before identifying the affected wallets in the security breach and urging them to transfer funds, the company stated:

“We are currently experiencing a security incident affecting wallets created directly within CoinStats; this does not impact externally connected wallets. If you have your private key exported, move your funds ASAP.”

Extent of Impact from Security Incident Still Undisclosed

CoinStats did not reveal how much the wallets were affected by the security breach but pledged to share updates as soon as they become available. The company has published a Google document listing all currently affected crypto wallets. It mentioned that the list “might change” as the investigation continues, but the team does not expect significant changes.

The portfolio manager stated:

“If your wallet address is in this affected list, please move your funds immediately using your exported private key.”

Major Crypto Firms Face Security Breaches This Month

The CoinStats breach is one of the latest security incidents within the crypto industry. Many crypto companies faced significant security breaches this month.

BtcTurk Cyberattack

Recently, Binance CEO Richard Teng confirmed that the exchange would enhance its security measures following the hack on BtcTurk. Binance temporarily froze over $5.3 million in stolen funds that had passed through the exchange, demonstrating the platform’s commitment to safeguarding users’ funds.

In response to the attack, BtcTurk halted all crypto transactions, including withdrawals and deposits. Hackers targeted the exchange’s hot wallets, affecting balances in ten cryptocurrencies. However, BtcTurk assured users that most of their assets are secure in cold wallets.

CoinGecko Data Breach

Crypto market data aggregator confirmed a security breach involving its third-party email management platform, GetResponse. On June 5, it was disclosed that attackers accessed and exported contact information of over 1.9 million CoinGecko users.

Defiance Capital’s X Account Hack 

On June 22, a post appeared on the official X account of the hedge fund Defiance Capital, announcing the launch of the DEFIANCE token. The post stated that all users are eligible for the token distribution and included a link for users to access the token.

Shortly after the post, Arthur Cheong, founder and CEO of Defiance Capital, publicly stated that the company’s official X account had been hacked. He confirmed the initial announcement was a scam and warned users not to click on any links.

Read More

Disclaimer: Cryptocurrency is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.


Buy Cryptos on eToro banner