CoinStats, a popular cryptocurrency wallet tracker, suffered a security breach that exposed users’ wallets and sent scam notifications to mobile devices. The company took the drastic step of shutting down its entire platform while the incident was investigated.
The hack, which CoinStats confirmed on its official social media channel, resulted in the compromise of an as-yet-unspecified number of user-created wallets within the app. CoinStats urges all users who have created wallets on their platform to transfer their cryptocurrency holdings immediately to minimize potential losses.
While the exact number of affected users is still under investigation, CoinStats advises all users of its wallet to move their funds to a safe location as soon as possible, a company spokesperson said.
We are currently experiencing a security incident affecting wallets created directly within CoinStats; This does not affect externally connected wallets.
If you export your private key, move your funds as quickly as possible.
— CoinStats (@CoinStats) June 22, 2024
This phishing scam lures users with fake rewards
The security breach involved a complex process Phishing scam. CoinStats users, especially those using iOS devices, received notifications congratulating them on winning a large amount of cryptocurrency, specifically 14.2 ETH (Ethereum). Clicking on the notification could potentially direct users to a malicious website designed to steal their private keys and drain their wallets.
These scams are becoming increasingly common. Hackers are exploiting user excitement surrounding the possibility of making quick gains in the cryptocurrency space. It is important to be wary of spam messages, especially those that promise rewards or require urgent action.
Transparency concerns obscure the problem
CoinStats maintains that the hack only affected internal wallets created within its app. It assures users that externally connected wallets and those stored on centralized exchanges (CEX) remain secure. However, some users reported unauthorized transactions even in their offshore wallets, casting doubt on CoinStats’ claims.
The company has also been criticized for its lack of transparency. The full extent of the damage, including the number of wallets compromised and the total amount of cryptocurrencies stolen, remains unknown. CoinStats promised a detailed report on the incident, but did not provide a time frame for its release.
The CoinStats breach is a stark reminder of the evolving cybersecurity threats within the cryptocurrency space. As the industry continues to grow, so too are the efforts of malicious actors targeting users’ funds.
Featured image from Mashable, chart from TradingView