CoinStats attack-related wallets drew attention by transferring nearly $1 million worth of Ethereum to the cryptocurrency mixing protocol Tornado Cash. Blockchain security firm CertiK reported that in June, two wallets linked to the CoinStats attack transferred approximately $959,000 worth of 311 Ethereum to Tornado Cash. One wallet moved 211 Ethereum, while the other sent 100 Ethereum to the crypto mixer.
New Development in CoinStats Attack
Crypto mixers keep transactions confidential by combining potentially identifiable funds with many other funds. This process anonymizes fund transfers between services and is often used by hackers to launder their illicit gains. On June 22, crypto portfolio manager CoinStats suspended user activity following a breach affecting 1,590 crypto wallets. The company announced that it shut down the application to isolate the security incident.
The firm said the attack was mitigated and noted that none of the linked wallets and CEXs were affected. The company urged affected users to move their funds using their exported private keys. On June 30, CoinStats stated that they optimized their transaction databases and migrated to a different platform to enhance efficiency and reliability.
The company also mentioned that they improved their systems with upgrades and audits. On July 3, CoinStats announced that the functions on their platform had been restored and were fully operational.
Details on the Matter
On June 26, CoinStats CEO Narek Gevorgyan disclosed some investigation details. According to Gevorgyan, their infrastructure was hacked with evidence showing that one of their employees was tricked into downloading malware onto their work computer:
“Our AWS infrastructure was hacked, and there is strong evidence that it was done by one of our employees who downloaded malware onto their work computer through social engineering.”
The executive also empathized with those who lost their funds in the attack, emphasizing that they would support users and had already discussed their options. Community members reported millions of dollars in losses; one wallet allegedly lost nearly $9 million in Maker (MKR).
In a July 5 update, CoinStats emphasized that they were still investigating the incident and had taken steps to ensure the security of their new infrastructure. The firm stated that they would soon share additional information, including user support measures.
