CoinStats suffered a security breach late into Saturday as iOS and Android users reported receiving questionable notifications about them being eligible for rewards. However, the notifications took them to a shady website asking them to download another application to receive the rewards. CoinStats updated users about the same on X. “Some iOS users received a scam notification. We’re investigating it. Sorry for the inconvenience. We’ll update you ASAP. Thanks for your understanding.” Some Android users reported the same issue after CoinStat’s post went up. It took to X a couple of hours later to confirm it was indeed “experiencing a security incident affecting wallets created directly within CoinStats; this does not impact externally connected wallets.” The post also asked users to move
Topics:
Suraj Manohar considers the following as important: crypto scams, crypto wallets, News
This could be interesting, too:
Leon Okwatch writes HashKey Global Lists Hamster Kombat (HMSTR) with 20,000 HSK Prize Pool for New Users
Chimamanda U. Martha writes Kraken Partners German Football Club to Increase Crypto Adoption in Sports
Leon Okwatch writes EOS Network Completes Spring 1.0 Upgrade, Achieving 1-Second Transaction Finality
Steve Muchoki writes Bitcoin (BTC) Price Faces Midterm Uncertainty as Mt. Gox Signals .8B in Repayments Soon
CoinStats suffered a security breach late into Saturday as iOS and Android users reported receiving questionable notifications about them being eligible for rewards. However, the notifications took them to a shady website asking them to download another application to receive the rewards.
CoinStats updated users about the same on X. “Some iOS users received a scam notification. We’re investigating it. Sorry for the inconvenience. We’ll update you ASAP. Thanks for your understanding.” Some Android users reported the same issue after CoinStat’s post went up.
It took to X a couple of hours later to confirm it was indeed “experiencing a security incident affecting wallets created directly within CoinStats; this does not impact externally connected wallets.” The post also asked users to move their funds “ASAP” if they had their private keys exported.
The security issue only affected users who used wallets natively created on CoinStats, not wallets from external providers connected to it. The platform is a portfolio tracker, allowing users to connect all their wallets to a single application and manage their holdings and investments. It has gained immense popularity by making it easy for users to deal with the crypto ecosystem.
A few hours after its post confirming the breach, CoinStats posted again to let its users know that “The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.” It also mentioned its security team acted quickly, thanks to which only “1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets.”
It further linked a Google Doc in the post, displaying wallets affected by the breach so those impacted could move their funds elsewhere. CoinStats has taken its platform offline and has switched user wallet settings to read-only.
It let users know that it continues to investigate the extent to which the breach has caused damages but said it would not be much compared to what it has found. Nevertheless, one user commented on the posts claiming that the funds from their external wallet got drained due to the breach. Future updates from CoinStats will reveal the true extent of the attack.
Image by Markus Winkler from Pixabay