CoinStats hack caused by ‘socially engineered’ employee, CEO suspects


The recent hack of 1,590 CoinStats crypto wallets was carried out by compromising a CoinStats employee.

On June 22, cryptocurrency portfolio manager CoinStats temporarily suspended its service after discovering an active attack on its wallets. A quick and proactive response limited the hacker's access to only 1.3% of all CoinStats wallets, resulting in a loss of $2 million.

Source: Narek Gevorgyan

Five days later, on June 26, CoinStats CEO Narek Gevorgyan disclosed the findings of an internal investigation.

“Our AWS infrastructure was hacked, with strong evidence that it was done by one of our employees who was socially engineered to download malicious software onto his work computer.”

Social engineering is a technique widely used by hackers to manipulate, influence, or deceive victims in order to gain control of a computer system.

CoinStats has shut down the website while it resolves the security issue. Source: CoinStats

Gevorgyan's message did not explicitly promise refunds to all victims, but the company plans to provide a detailed action plan after a thorough post-mortem analysis of the situation.

“I sympathize with those who lost money; I'm sure their situation is just as difficult. CoinStats certainly supports the victims of the hack, and we've been discussing options internally.”

Some members of the community said they suffered worse losses as a result of the breach. For example, a wallet owned by Blurr.eth is said to have lost 3,657 Maker (MKR) tokens worth about $8.7 million.

Source: Wu Blockchain

However, the company has yet to acknowledge the claims.


Security breaches are a growing concern among crypto service providers. On June 5, crypto data aggregator CoinGecko suffered a data breach through third-party email management platform GetResponse.

Similar to the CoinStats hack, the security breach at CoinGecko was caused by a compromised employee account, according to the company's June 7 announcement:

“An attacker compromised a GetResponse employee account, leading to a breach. We received confirmation from the GetResponse team that a data breach occurred on 6 June 2024 at 11:58 AM UTC.”

The hacked data includes users' names, email addresses, IP addresses and other metadata such as subscription dates and subscription plans.
