CoinStats, a popular crypto portfolio app, has taken the necessary step of suspending its application temporarily following a security breach that has affected 1,590 wallets, which accounts for 1.3% of all CoinStats wallets. The company has assured users that connected wallets and centralized exchanges have not been compromised.
Users of CoinStats have been advised to export and use their private keys after a scam notification was sent out, exposing security vulnerabilities in the app. The notification falsely promised a 14.2 ETH reward and directed users to log into the CoinStats AirScout wallet, leading them to a fraudulent website.
As a long-time supporter of CoinStats, I was able to move my funds out of the wallet before the scam notification was sent. However, funds from Ethereum and Polygon wallets have been taken by the attacker. CoinStats has provided a link to the list of affected wallets and is actively investigating the extent of the compromised funds.
The company has apologized for the inconvenience caused by the security breach and scam notification, and efforts are being made to restore the functionality of the app as soon as possible. Updates will be provided to users as the investigation progresses.
While CoinStats has not disclosed the cause of the attack, concerns have been raised about the storage of private keys on their server and the randomness of wallets generated within the app. It is possible that attackers were able to access the server and predict private keys, compromising user funds.
At this time, wallets or API connections shared with the CoinStats portfolio application do not appear to have been affected. However, some users have reported that other wallets connected to DeFi features have been drained. CoinStats has acted swiftly to address the situation, and the app remains down while the investigation continues.
In conclusion, users are advised to remain vigilant against unexpected competitions or rewards in the crypto space and to use hardware wallets to secure their funds. Additional security measures may be necessary to protect against future breaches and scams in the cryptocurrency industry.