Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
CoinStats lost $2.2 million in crypto in June’s hack to the Lazarus Group

CoinStats lost $2.2 million in crypto in June’s hack to the Lazarus Group

Cryptopolitan2024/07/14 00:58
By:By Florence Muchai

Share link:In this post: CoinStats blames the Lazarus Group for a sophisticated, nation-state-affiliated $2.2 million attack. The company said the attacker compromised multiple critical services, which were rebuilt from scratch.Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any in

CoinStats, an established crypto-tracking program, has provided more details about its June security problem. The company believes the attack was carried out by the infamous Lazarus outfit or another hacking outfit funded by a nation-state. 

The company noted in a recent incident report that a ” sophisticated (and we believe nation-state affiliated) attacker managed to access private keys of exactly 1590 CoinStats Wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency.” 

Through collaboration with law enforcement and security researchers, we gathered enough evidence to confidently attribute the attack to the Lazarus Group or a related organization with a nation-state level of sophistication and resources.

CoinStats

The company noticed unusual activity connected to transfers involving the third-party supported, non-custodial CoinStats Wallet at 18:00 UTC on June 22, 2024. CoinStats promptly suspended the entire site to conduct a full investigation and notified the third-party wallet service provider to take any necessary action. 

According to the report, the attacker was able to compromise many services connected to CoinStats’ storage of user-created wallet private keys “…through a combination of unauthorized intrusions across multiple services, including outside of CoinStats.”

According to the report, professionals such as ZachXBT and MetaMask lead security researcher Taylor Monahan are currently tracing the cash, and the attack has been reported to law authorities. 

We enlisted the help of leading security researchers by the help of Security Alliance, including renowned experts like ZachXBT and Tay (Head of Security at MetaMask), to trace the stolen funds. Still ongoing. […] We reported the security incident to local law enforcement and the FBI.

CoinStats

According to the report, the attacker was able to compromise many services connected to CoinStats’ storage of user-created wallet private keys “…through a combination of unauthorized intrusions across multiple services, including outside of CoinStats.”

According to the report, professionals such as ZachXBT and MetaMask lead security researcher Taylor Monahan are currently tracing the cash, and the attack has been reported to law authorities.

CoinStats urged users to transfer assets out of wallets created on the platform in June after an attacker hijacked it and delivered fake notifications to mobile users. According to the entity, the hack impacted 1,590 wallets or 1.3% of all CoinStats wallets.

Since the breach, the company has entirely rebuilt its platform environment, “ensuring that no parts of the old infrastructure were used to guarantee the integrity of the new setup,” and hired new infrastructure auditors. 

CoinStats lost $2.2 million in crypto in June’s hack to the Lazarus Group image 0

As a result, the site is back in full function, and while the business has found no evidence of user data theft, the report urges the company’s users to be wary of potential phishing attacks on companys-related email addresses as a precaution.

The company has also set up a form for victims of the attack to identify themselves by August 15 to be eligible for “any future support from the team,” though the company declined to reveal any particular specifics about stolen money reimbursement. 

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!