CoinStats Temporarily Shuts Down After 1,590 Wallets Drained

CoinStats, a platform that allows users to track their crypto holdings across wallets and exchanges, disclosed that some user wallets had been impacted by a security incident over the weekend.

The team behind CoinStats advised users to move their funds as soon as possible if they had exported their private keys in an X post on Saturday, after disclosing a “security incident” that supposedly impacted only externally connected wallets.

A few hours later, CoinStats said the attack had been mitigated and revealed that 1,590 wallets had been compromised and shared a list of wallet addresses that were impacted. The team also said that the platform would be shut down temporarily to isolate the incident.

“We ensure the safety of your funds by obtaining read-only access, which allows us to display your balances and transactions without having the authority to conduct any transactions or make changes to your account,” reads the CoinStats website, which also promised users “military-grade encryption.”

While CoinStats claims that no externally connected wallets were impacted, some users say otherwise. However, at the time of writing it was unclear if these users had set their API permissions for external wallets to read-only access.

The attack comes after some iOS users received a phishing notification from the CoinStats app, inviting them to connect to an AirScout wallet to claim a 14.2 ETH reward to celebrate 2 million users. This link then led them to a malicious website that drained funds from connected wallets.

More concerningly, some users who claimed to have not received any scam notifications, still reported that their wallets were drained.

According to CoinStats CEO Narek Gevorgyan, the total amount that was drained from the affected wallets list is around $2 million — the majority of funds stolen reportedly belonged to two wallets that imported their seed phrases to CoinStats.

“We also have a significant evidence to assume that attack was a part of this group of hacks, described by FBI report with ties to North Korea,” Gevorgyan said.