Threat actors compromised 1,590 CoinStats crypto wallets

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency portfolio management and tracking platform CoinStats.

The cryptocurrency portfolio management and tracking platform CoinStats suffered a massive security breach. Alleged North Korea threat actors have compromised 1,590 cryptocurrency wallets.

CoinStats allows users to monitor their cryptocurrency holdings across various exchanges and wallets in a single platform. The incident only impacted the users who hosted their wallets on CoinStats.

To mitigate the incident, the platform temporarily shut down the application. 

The company explained that only 1.3% of all hosted wallets were compromised by the attackers.

The investigation is still ongoing and the number of impacted wallets could increase, but the company states that they don’t expect significant changes.

In a message published on X, the company shared a link to a list of the affected wallets.

The company shared a list of impacted wallets on this spreadsheet, but some users reported that funds were stolen from wallets that were not on this list. Therefore, the actual scope of the incident might be more significant than what CoinStats has verified.

The CEO of the company announced on X that they possess significant evidence indicating a North Korea-linked APT group conducted the attack.

North Korea-linked APT groups are known for carrying out attacks against cryptocurrency exchanges.

At this time, it’s unclear if the attackers have stolen users’ funds.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, cryptocurrency)