Crypto tracking platform CoinStats issued a security incident report on a June attack that resulted in a $2.2 million loss, in which it identified the infamous Lazarus Group or a related organisation with a nation-state level of sophistication and resources as the likely culprit.
“The sophisticated attacker managed to access private keys of exactly 1,590 CoinStats wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency,” the report noted, adding that “The investigation into the full extent of the breach is ongoing.”
The Lazarus Group is notorious for helping fund North Korea’s nuclear weapons and missile programme with hacked crypto, stealing as much as $1.7 billion in 2022, according to Chainalysis.
CoinStats took several actions against the breach, including notifying local law enforcement and the FBI.
The company said it enlisted the help of experts through the Security Alliance, including ZachXBT and Tay (head of security at MetaMask), to trace the stolen funds, an effort that is ongoing.
CoinStats also took platform security measures, completely rebuilding their production environment, ensuring that no parts of the old infrastructure were used in order to guarantee the integrity of the new setup.
Finally, the company hired security experts and conducted comprehensive infrastructure audits, promising to provide more detailed security updates as the efforts continue.
Future support
Funds in wallets and exchange accounts connected to CoinStats for portfolio tracking purposes, such as MetaMask, Phantom, or Binance, were not affected by the incident, the company said, adding that all of its functionalities have been restored and are fully operational.
CoinStats said it has created a form to be submitted before August 15 for those affected by the attack to be eligible for future support from the CoinStats team.