CoinStats exploiter moves almost $1M to Tornado Cash

Almost $1 million in Ether from wallets linked to the CoinStats exploit was transferred to the crypto mixing protocol Tornado Cash.
Wallets linked to the CoinStats exploiter were seen moving almost $1 million in Ether into the cryptocurrency mixing protocol Tornado Cash.

Blockchain security firm CertiK flagged that two wallets linked to the CoinStats exploit in June have transferred 311 ETH, worth about $959,000, to Tornado Cash. One wallet moved 211 Ether (ETH), while the other sent 100 ETH to the crypto mixer.

Wallet linked to CoinStats exploit transfers 211 ETH to Tornado Cash. Source: Etherscan

Crypto mixers keep transactions private by combining potentially identifiable funds with many other funds. This anonymizes fund transfers between services and is often used by hackers to launder their ill-gotten gains.

CoinStats security breach affected 1,590 wallets

On June 22, crypto portfolio manager CoinStats suspended user activity following a breach that affected 1,590 crypto wallets. The company announced that it had shut down the application to “isolate the security incident.”

The firm said the attack had been mitigated and noted that “none of the connected wallets and CEXes were impacted.” The company urged affected users to move their funds using their exported private keys.

On June 30, CoinStats said it was optimizing its transaction database and transferring to a different platform to improve efficiency and reliability. The company also said it was enhancing its systems with upgrades and audits.

On July 3, CoinStats announced that functionalities on its platform have recovered and are fully operational.

CoinStats hack caused by “socially engineered” employee

On June 26, CoinStats CEO Narek Gevorgyan revealed some details of the investigation. According to Gevorgyan, the company's infrastructure was hacked, with evidence suggesting that one of its employees was tricked into downloading malicious software onto a work computer. Gevorgyan said:

“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”

The executive also empathized with those who lost their funds in the attack and highlighted that they would support the victims and have already discussed their options.

Community members reported millions in losses, with one wallet allegedly losing almost $9 million in Maker (MKR).

In a July 5 update, CoinStats said that it is still investigating the incident and is taking action to ensure its new infrastructure is secure. The firm said it will share additional information soon, including victim support measures.
