By Christian Encila, Bitcoinist.com, 2024-06-23
Popular cryptocurrency portfolio tracker CoinStats is reeling from a security breach that exposed user wallets and sent scam notifications to mobile devices. The company has taken the drastic step of shutting down its platform entirely while they investigate the incident.
The breach, confirmed by CoinStats on their official social media channel, compromised a yet-to-be-determined number of user-created wallets within the app. CoinStats is urging all users who created wallets on their platform to immediately transfer their crypto holdings to minimize potential losses.
While the exact number of affected users is still under investigation, CoinStats advises all its wallet users to move their funds to a secure location as soon as possible, a spokesperson stated.
We are currently experiencing a security incident affecting wallets created directly within CoinStats; this does not impact externally connected wallets.
If you have your private key exported, move your funds ASAP.
— CoinStats (@CoinStats) June 22, 2024
Phishing Scam Lures Users With Fake Rewards
Sophisticated Phishing Scam
The security breach involved a sophisticated phishing scam. CoinStats users, particularly those on iOS devices, received notifications congratulating them on winning a substantial amount of cryptocurrency, specifically 14.2 ETH (Ethereum). Clicking the notification likely led users to a malicious website designed to steal their private keys and drain their wallets.
Common Crypto Scams
These scams are becoming increasingly common. Hackers exploit user excitement surrounding the potential for quick gains in the crypto space. It's crucial to be wary of unsolicited messages, especially those promising rewards or requiring urgent action.
Transparency Concerns Cloud The Issue
Conflicting Claims About Wallet Security
CoinStats maintains that the breach only affected internal wallets created within their app. They assure users that externally connected wallets and those stored on centralized exchanges (CEX) remain secure. However, some users have reported unauthorized transactions even in their external wallets, casting doubt on CoinStats‘ claims.
Lack of Transparency
The company has also been criticized for a lack of transparency. The full extent of the damage, including the number of compromised wallets and the total amount of stolen cryptocurrency, remains unknown. CoinStats has promised a detailed report on the incident but has not provided a timeframe for its release.
The CoinStats breach serves as a stark reminder of the evolving cybersecurity threats within the cryptocurrency space. As the industry continues to grow, so do the efforts of malicious actors targeting user funds.
Featured image from Mashable, chart from TradingView
