Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Cryptocurrency portfolio management company CoinStats temporarily suspended user activities after 1,590 crypto wallets were affected by a security incident. CoinStats stated, "The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident. None of the connected wallets and CEXes were impacted. Thanks to the immediate incident reponse from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes." On June 26, Narek Gevorgyan released a security incident update, stating that the security vulnerability was due to the company's AWS infrastructure being hacked. Evidence indicates that it was done through one of employees who was socially engineered into downloading malicious software onto his work computer. Attack method (per SlowMist): Malware Attack. Reported loss: $ 2,000,000.
- chain
- —
- protocol
- CoinStats
- bug_class
- infrastructure
- date_occurred
- 2024-06-22
- loss_usd
- $2,000,000
- source_id
- sm:coinstats::2024-06-22