- CoinStats lost $2M in a breach via a socially engineered attack targeting an employee’s AWS credentials.
- CEO Narek Gevorgyan expressed deep regret, emphasizing support for affected users and awaiting law enforcement details.
- The breach affected 1,600 wallets, a small fraction of CoinStats users, but led to a significant financial loss.
CoinStats, a leading crypto portfolio manager, faced a significant security breach resulting in the loss of $2 million worth of tokens. In a recent public statement, CoinStats CEO Narek Gevorgyan shed light on a significant breach involving an employee. Addressing the incident, Gevorgyan revealed that the breach stemmed from a socially engineered attack targeting one of their employees. The attackers gained access to CoinStats’ Amazon Web Services (AWS) infrastructure, compromising nearly 1,600 wallets.
Immediate Response and Empathy for Victims
The CEO expressed his distress over the security lapse and empathy towards the affected users, stating,
“Seeing all this happen to something you’ve worked hard on for 6 years is tough, especially since it occurred because of a secondary feature.”
CoinStats is actively discussing support options for the victims and is awaiting additional details from law enforcement to provide a comprehensive post-mortem of the incident.
Details of the Breach
The vulnerability was exploited via malicious software downloaded onto an employee’s work computer. This incident affected less than 1.3% of all CoinStats Wallets but had a profound impact due to the significant amount of funds involved. Despite the breach, CoinStats assured that none of the connected wallets and centralized exchanges (CEXs) were impacted, highlighting the isolated nature of the attack.
Previous Security Incidents and Measures
Simultaneously, in a separate but equally alarming cybersecurity incident, Microsoft India’s X account fell victim to cryptocurrency scammers. The hackers impersonated well-known meme stock trader Keith Gill, also known as Roaring Kitty, to lure users to a phishing site that aimed to steal Bitcoin by promoting a nonexistent GameStop (GME) cryptocurrency presale.
Following the discovery of the hack, Microsoft India acted swiftly to regain control of their X account, minimizing potential damage. Similarly, CoinStats has been proactive in addressing the security breach, assuring users of ongoing efforts to secure the platform and mitigate any further risks.