CoinStats crypto portfolio app temporarily shuts down to address security incident, 1590 wallets affected

The company reported that connected wallets and centralized exchanges (CEXes) were unaffected. CoinStats is also investigating a scam notification

CoinStats, a cryptocurrency portfolio app, has encountered a security incident, prompting the company to shut down its application temporarily. The breach, which was discovered on March 23, is being investigated by CoinStats.

According to the company's statement, the breach was limited to 1,590 wallets, or 1.3% of all CoinStats wallets. Connected wallets and centralized exchanges (CEXes) were not affected.

CoinStats is also investigating a scam notification that some iOS and Android users received, which falsely informed them of a reward and directed them to log into the CoinStats AirScout wallet. The link led users to a Drainer website, which was promoted via a CoinStats push notification and official in-app notification on the app’s home screen. The company is looking into the issue and has apologized for the inconvenience, assuring users that updates will be provided as soon as possible.

Potential Causes of the Private Key Breach

While CoinStats has not yet disclosed the cause of the attack, the incident raises concerns about whether private keys were stored on their server and the randomness of wallets generated within the app. Only CoinStats-generated wallets appear to have been specifically targeted and drained.

The attackers’ ability to access the server and send a malicious push notification suggests that they may also have gained insights into the wallet generation process. Any potential weaknesses in the random number generation used during that time could have allowed attackers to predict private keys and compromise user funds.

No wallets or API connections shared with the CoinStats portfolio application appear to have been affected at this point. However, some users have reported that other wallets that were connected to utilize DeFi features have been drained. These are unconfirmed by CoinStats at this time.

CoinStats acted swiftly and removed access to the application within hours of the incident. As of press time, the app remains down while the investigation is ongoing.

News source：https://www.kdj.com/cryptocurrencies-news/articles/coinstats-crypto-portfolio-app-temporarily-shuts-address-security-incident-wallets.html

The above is the detailed content of CoinStats crypto portfolio app temporarily shuts down to address security incident, 1590 wallets affected. For more information, please follow other related articles on the PHP Chinese website!