• The CEO stated that strong evidence suggested the $2M crypto theft was orchestrated through a CoinStats employee.

CoinStats CEO Narek Gevorgyan revealed new details on June 26 regarding the recent CoinStats hack that saw bad actors steal $2 million worth of tokens from the crypto portfolio tracker.

Gevorgyan explained in a detailed post on X that investigations into the CoinStats hack revealed its AWS infrastructure was breached.

Deep Dive into CoinStats Hack and Recent Discovery

Amazon Web Services (AWS) is a suite of cloud services and resources for hosting applications, managing data, and running computing tasks.

The CEO further stated that strong evidence suggested the attack was orchestrated through one of their employees, who was “socially engineered” into downloading malicious software onto a company computer.

What a week it's been.

I've been working diligently on CoinStats for the last 6 years. We've experienced many highs and lows, but I believe we've created the best portfolio tracker on the market.

Our AWS infrastructure was hacked, with strong evidence suggesting it was done…

— narek (@narek_gevorgyan) June 26, 2024

Social engineering is a manipulation technique that hackers use to exploit human error through persuasive tricks to gain private information or access, such as login credentials.

Gevorgyan further expressed his deep sympathy for the victims who lost funds in the CoinStats hack, acknowledging the severity of their situation.

“I empathize with those who lost money; I’m sure their situation is just as difficult,” he stated. 

“CoinStats will definitely support the victims of the hack, and we’ve been discussing options internally. We’re waiting for a few details from law enforcement to be finalized before we can share a more detailed post-mortem of the hack.”

The CoinStats hack took place on June 22. The attackers sent fraudulent notifications to the company’s iOS and Android users.

These messages falsely promised rewards and directed users to access the CoinStats AirScout Wallet, a feature within the CoinStats app that facilitates rapid transactions.

The security breach affected about 1,600 crypto wallets, with losses of $2 million.

In an immediate response to the hack, CoinStats paused all operations to prevent further losses and to begin an internal investigation.

On June 24, the firm announced that its operations were back online after implementing additional security measures and conducting preliminary investigations.

CoinStats Hack Drained Huge Amount of Assets

The security breach has drawn frustration and concern from users whose crypto wallets were affected, some of whom claimed a huge loss.

For instance, a wallet owned by DeFi developer Blurr.eth allegedly lost 3,657 Maker (MKR) tokens valued at approximately $8.7 million.

Crypto portfolio tracking app CoinStats said that some iOS users received scam notifications and it is experiencing a security incident that affects wallets created directly in CoinStats. 1.3% of CoinStats wallets are affected, a total of 1,590 wallets, please use the exported…

— Wu Blockchain (@WuBlockchain) June 23, 2024

According to Etherscan data, the CoinStats hacker swapped these tokens on-chain for 2,482 ETH. The sell-off reportedly pushed the MKR price from $2,462 to $2,280, a short-term drop of 7%.

This is not the first time crypto providers have suffered security breaches.

On June 5, a CoinGecko data breach affected over 23,000 users. It resulted from a breach at its third-party email platform, GetResponse, which exposed CoinGecko’s users to phishing emails.

In another development, Gala Games lost $23 million to a security breach on May 20, 2024. The hacker accessed a Gala Games admin address and minted 5 billion new GALA tokens, which were sold on the Uniswap exchange.