CoinStats hack caused by ‘socially engineered’ employee, CEO suspects
The recent hack of 1,590 CoinStats crypto wallets was carried out by compromising a CoinStats employee.
On June 22, the cryptocurrency portfolio manager CoinStats temporarily suspended its services after discovering an active attack on its wallets. A swift and proactive response limited the hacker’s access to only 1.3% of all CoinStats wallets, resulting in a loss of $2 million.
Source: Narek GevorgyanFive days later, on June 26, Narek Gevorgyan, CEO of CoinStats, revealed the findings of an internal investigation:
“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”
Social engineering is a widely-used tactic used by hackers to manipulate, influence or deceive a victim in order to gain control over a computer system.
CoinStats shut down its website while it resolves the security issue. Source: CoinStatsWhile Gevorgyan’s message did not explicitly promise refunds for all victims, the company plans to provide a detailed plan of action after conducting a thorough post-mortem analysis of the situation.
“I empathize with those who lost money; I’m sure their situation is just as difficult. CoinStats will definitely support the victims of the hack, and we’ve been discussing options internally.”
Some community members have reported even greater losses due to the breach. For instance, a wallet owned by Blurr.eth allegedly lost 3,657 Maker ( MKR ) tokens valued at approximately $8.7 million.
Source: Wu BlockchainHowever, the company has yet to acknowledge the claims.
Related: 1,590 CoinStats crypto wallets ‘affected’ in security breach
Security breaches have become a rising concern among crypto service providers. On June 5, cryptocurrency data aggregator CoinGecko suffered a data breach via its third-party email management platform GetResponse.
Similar to the CoinStats hack, the security breach at CoinGecko occurred due to a compromised employee account, according to the company’s June 7 announcement:
“An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June 2024, at 11:58 AM UTC, that a data breach had occurred.”
The compromised data include users’ names, email addresses, IP addresses, location of email opens and other metadata such as sign-up dates and subscription plans.
Magazine: Polkadot’s Indy 500 driver Conor Daly: ‘My dad holds DOT, how mad is that?’
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Nayib Bukele meets Elon Musk at Tesla to discuss AI, future of humanity
Altcoins Moving Up: They Outperformed Bitcoin and Ethereum – Analysts Assessed the Situation
Following the FED's interest rate decision, it was observed that the market values of altcoins increased more than that of Bitcoin.
Here’s Which Countries Lead in State-Held Bitcoin Reserves
Trump silent on crypto platform, SEC urged to clarify airdrops: Finance Redefined