CoinStats says $2.2 million worth of crypto was stolen in June hack by 'sophisticated attacker'

Quick Take

  • The crypto portfolio tracking app blamed a $2.2 million hack in June on a sophisticated and nation-state affiliated hacker, likely the Lazarus Group. 
  • According to the company, the attacker compromised several core services, all of which have since been rebuilt from scratch. 

CoinStats, a popular cryptocurrency-tracking app, has revealed additional details surrounding its June security incident. 

According to the company, a "...sophisticated (and we believe nation-state affiliated) attacker managed to access private keys of exactly 1590 CoinStats Wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency," CoinStats wrote in a recent incident report. The company believes the infamous Lazarus Group, or another similarly nation-state supported hacking group, is responsible for the attack. 

The attacker managed to compromise several services related to CoinStats' storage of the private keys of user-created wallets "...through a combination of unauthorized intrusions across multiple services – including outside of CoinStats," according to the report. Tracing of the funds by experts such as ZachXBT and MetaMask principal security researcher Taylor Monahan is ongoing and the attack has been reported to law enforcement, the report states. 

CoinStats warned users in June to transfer funds out of wallets created on the platform after an attacker hijacked the platform and sent out fraudulent notifications to mobile users, The Block previously reported. The attack affected 1,590 wallets, or 1.3% of all CoinStats wallets, according to the company. 

Since the breach, the company has completely rebuilt its platform environment, "ensuring no parts of the old infrastructure were used to guarantee the integrity of the new setup," and has contracted new infrastructure auditors. As a result, the platform is back to full operation, and though the company hasn't found evidence of user data being stolen, the report warns CoinStats users to beware of potential phishing attacks to CoinStats-related email addresses as a precaution. 

The company has also set up a form, due by August 15, for victims of the attack to identify themselves in order to be eligible for "any future support from the CoinStats team," though the company declined to share any specific details regarding reimbursement of stolen funds. 


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email, [email protected].