On June 22, CoinStats reported a security incident impacting wallets created directly within the app. The company assures users that externally connected wallets and centralized exchanges (CEXs) remain unaffected.
CoinStats urged users with exported private keys to move their funds immediately. According to the CoinStats team, only 1,590 of all CoinStats wallets were affected, or 1.3%.
CoinStats has suspended user activity and taken the app offline to investigate the incident thoroughly. The company has assured users that the attack has been contained and will continue to provide updates as more information becomes available.
The hack enabled the bad actors to send fraudulent notifications to iOS and Android users, falsely promising rewards and prompting them to access the CoinStats AirScout wallet. Clicking on the link led users to a drainer website, promoted through a push notification from CoinStats and an official in-app alert on the home screen.
While the company has not disclosed the cause of the attack, the incident has sparked concerns about the security of private keys stored on their server and the randomness of wallets generated within the app. Owners whose wallet addresses appear on this list are advised to transfer their funds promptly using exported private keys.
The company is actively investigating the extent of the funds moved and will provide updates as soon as possible. CoinStats expressed gratitude for users’ patience during this period.
The security breach has rattled the cryptocurrency community, leading industry experts to advise victims to be wary of fraudulent rescue efforts. The hack exposed the personal info for over 1.9 million CoinGecko users.
While CoinGecko ensured that user accounts and passwords remained secure, the attackers used the compromised data to send 23,723 phishing emails to affected contacts. Phishing attacks are commonly used by cybercriminals to steal sensitive information like cryptocurrency wallet private keys or deceive users into sending funds to fraudulent addresses.
The CoinGecko data breach adds to a series of security incidents impacting the cryptocurrency industry. Yang created a token named BFF and deceived investors with promises of high returns.
The fraudulent scheme was exposed, leading to Yang being held responsible for his actions and receiving a substantial prison term. This case underscores the serious consequences of fraudulent activities within the crypto industry.