Popular cryptocurrency portfolio tracker CoinStats is reeling from a security breach that exposed users’ wallets and sent scam notifications to mobile devices. The company has taken the drastic step of completely shutting down its platform while it investigates the incident.
The breach, confirmed by CoinStats on its official social media channel, compromised a yet-to-be-determined number of user-created wallets within the app. CoinStats urges all users who have created wallets on their platform to immediately transfer their crypto holdings to minimize potential losses.
Although the exact number of affected users is still under investigation, CoinStats advises all users of its wallet to move their funds to a secure location as soon as possible, a spokesperson said.
We are currently experiencing a security incident affecting wallets created directly in CoinStats; This does not impact externally connected wallets.
If your private key is exported, move your funds as soon as possible.
– CoinStats (@CoinStats) June 22, 2024
Phishing scam lures users with fake rewards
Security breach involved sophisticated system Phishing. CoinStats users, especially those on iOS devices, received notifications congratulating them on winning a substantial amount of cryptocurrency, specifically 14.2 ETH (Ethereum). By clicking on the notification, users were likely directed to a malicious website designed to steal their private keys and empty their wallets.
These scams are becoming more and more common. Hackers are exploiting user enthusiasm about the potential for quick wins in the crypto space. It is crucial to be wary of unsolicited messages, especially those that promise rewards or require urgent action.
Transparency Concerns Muddle the Issue
CoinStats maintains that the breach only affected internal wallets created within their app. They assure users that externally connected wallets and those stored on centralized exchanges (CEX) remain secure. However, some users have reported unauthorized transactions even in their external wallets, casting doubt on CoinStats’ claims.
The company has also been criticized for its lack of transparency. The full extent of the damage, including the number of wallets compromised and the total amount of cryptocurrencies stolen, remains unknown. CoinStats promised a detailed report on the incident but did not provide a timeline for its release.
The CoinStats breach is a stark reminder of the evolving cybersecurity threats in the cryptocurrency space. As the industry continues to grow, so do the efforts of bad actors targeting user funds.
Featured image from Mashable, chart from TradingView
