On June 22, cryptocurrency portfolio manager CoinStats temporarily halted its services upon detecting an ongoing attack on its wallets. A prompt and proactive intervention restricted the hacker’s access to just 1.3% of all CoinStats wallets, resulting in a $2 million loss.
Five days later, on June 26, CoinStats CEO Narek Gevorgyan disclosed the results of an internal investigation:
“Our AWS infrastructure was breached, and there is compelling evidence indicating that it was accomplished through one of our employees who was manipulated into downloading malicious software onto their work computer.”
Social engineering is a commonly employed tactic by hackers to manipulate, influence, or deceive a victim to gain access to a computer system.
While Gevorgyan’s statement did not explicitly commit to refunds for all affected individuals, the company intends to outline a comprehensive action plan following a thorough post-mortem analysis of the incident.
“I sympathize with those who suffered financial losses; I understand their situation is challenging. CoinStats will certainly assist the victims of the breach, and we have been internally exploring various options.”
Some community members have reported significant losses due to the breach. For example, a wallet belonging to Blurr.eth reportedly lost 3,657 Maker (MKR) tokens valued at around $8.7 million.
However, the company has yet to acknowledge the claims.
Security breaches are increasingly concerning for crypto service providers. On June 5, cryptocurrency data aggregator CoinGecko experienced a data breach through its third-party email management platform, GetResponse.
CoinGecko disclosed in a statement on June 7 that, similar to the CoinStats incident, the breach was facilitated by a compromised employee account:
“An attacker gained access to a GetResponse employee’s account, resulting in a breach. We were notified by the GetResponse team on June 6, 2024, at 11:58 AM UTC, confirming the occurrence of a data breach.”
The compromised data includes users’ names, email addresses, IP addresses, locations of email opens, and other metadata such as sign-up dates and subscription plans.
