In a July 5 update, CoinStats reported that it is continuing to investigate the incident and is actively working to secure its new infrastructure
Wallets associated with the CoinStats exploiter were observed to transfer nearly $1 million in Ether into the Tornado Cash cryptocurrency mixing protocol.
CertiK, a blockchain security firm, reported that two wallets associated with the CoinStats exploit in June transferred 311 ETH, approximately $959,000, to Tornado Cash.
One wallet transferred 211 Ether, while the other sent 100 Ether to the crypto aggregator.
By combining potentially identifiable funds with numerous other funds, crypto mixers ensure the privacy of transactions. Hackers frequently use this to conceal illicit profits by anonymizing fund transfers between services.
CoinStats flaw hit 1,590 wallets
CoinStats, a crypto portfolio manager, suspended user activity on June 22 in response to a breach that impacted 1,590 crypto wallets. The organization declared that it terminated the application to “isolate the security incident.”
The company stated that the attack had been mitigated and that “none of the connected wallets and CEXes were impacted.” The company encouraged impacted users to transfer funds using their exported private keys.
CoinStats announced on June 30 that they are optimizing their transaction database and transitioning to a different platform to enhance reliability and efficiency.
Additionally, the organization disclosed that they are conducting audits and enhancements to optimize their systems.
CoinStats declared on July 3 that its platform’splatform’s functionalities have been completely restored and are now operational.
“Socially engineered” employee responsible for CoinStats breach. Narek Gevorgyan, the CEO of CoinStats, disclosed specific details of the investigation on June 26.
Gevorgyan alleges that their infrastructure was compromised, and there is evidence that one of their employees was deceived into downloading malicious software onto a work computer. Gevorgyan stated:
“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”
The executive also expressed sympathy for those who lost their funds in the attack and emphasized that they would assist the victims. They have already discussed their options.
According to community members who reported losses in the millions, one wallet purportedly lost nearly $9 million in Maker (MKR).
CoinStats, in a July 5 update, emphasized that it is continuing to investigate the incident and is taking measures to guarantee the security of its new infrastructure.
The company has announced that it will shortly provide additional information, including victim support measures.
