The recent hack of 1,590 CoinStats crypto wallets was carried out by compromising a CoinStats employee.
On June 22, the cryptocurrency portfolio manager CoinStats temporarily suspended its services after discovering an active attack on its wallets. A swift and proactive response limited the hacker’s access to only 1.3% of all CoinStats wallets, resulting in a loss of $2 million.
Five days later, on June 26, Narek Gevorgyan, CEO of CoinStats, revealed the findings of an internal investigation:
“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”
Social engineering is a widely-used tactic used by hackers to manipulate, influence or deceive a victim in order to gain control over a computer system.
While Gevorgyan’s message did not explicitly promise refunds for all victims, the company plans to provide a detailed plan of action after conducting a thorough post-mortem analysis of the situation.
“I empathize with those who lost money; I’m sure their situation is just as difficult. CoinStats will definitely support the victims of the hack, and we’ve been discussing options internally.”
Some community members have reported even greater losses due to the breach. For instance, a wallet owned by Blurr.eth allegedly lost 3,657 Maker (MKR) tokens valued at approximately $8.7 million.
However, the company has yet to acknowledge the claims.
Related: 1,590 CoinStats crypto wallets ‘affected’ in security breach
Security breaches have become a rising concern among crypto service providers. On June 5, cryptocurrency data aggregator CoinGecko suffered a data breach via its third-party email management platform GetResponse.
Similar to the CoinStats hack, the security breach at CoinGecko occurred due to a compromised employee account, according to the company’s June 7 announcement:
“An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June 2024, at 11:58 AM UTC, that a data breach had occurred.”
The compromised data include users’ names, email addresses, IP addresses, location of email opens and other metadata such as sign-up dates and subscription plans.
Magazine: Polkadot’s Indy 500 driver Conor Daly: ‘My dad holds DOT, how mad is that?’