The crypto portfolio tracking app blamed a $2.2 million hack in June on a sophisticated and nation-state affiliated hacker, likely the Lazarus Group.
According to the company, the attacker compromised several core services, all of which have since been rebuilt from scratch.
CoinStats, a popular cryptocurrency-tracking app, has revealed additional details surrounding its June security incident.
According to the company, a “…sophisticated (and we believe nation-state affiliated) attacker managed to access private keys of exactly 1590 CoinStats Wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency,” CoinStats wrote in a recent incident report. The company believes the infamous Lazarus Group, or another similarly nation-state supported hacking group, is responsible for the attack.
The attacker managed to compromise several services related to CoinStats’ storage of the private keys of user-created wallets “…through a combination of unauthorized intrusions across multiple services – including outside of CoinStats,” according to the report. Tracing of the funds by experts such as ZachXBT and MetaMask principal security researcher Taylor Monahan is ongoing and the attack has been reported to law enforcement, the report states.
CoinStats warned users in June to transfer funds out of wallets created on the platform after an attacker hijacked the platform and sent out fraudulent notifications to mobile users, The Block previously reported. The attack affected 1,590 wallets, or 1.3% of all CoinStats wallets, according to the company.
Start your day with the most influential events and analysis happening across the digital asset ecosystem.