Article 6NV52 The CoinStats Hack: CEO Points Fingers at ‘Socially Engineered’ Employee

by Rida Fatima, from Techreport (#6NV52)

On June 22, CoinStats, a crypto portfolio manager, halted its services after an attack on its wallets. Due to the firm's swift action, the hacker could only access 1.3% of all CoinStats wallets, carting away $2 million in crypto assets.

Although the affected wallet list has already been public for a while, wanted to share that the total drained amount from all the wallets is around $2m.

- narek (@narek_gevorgyan) June 23, 2024

According to CoinStats CEO Narek Gevorgyan, the hack, which affected 1,590 crypto wallets, is reportedly connected to a social engineering attack. The hacker deceived a CoinStats employee into downloading malicious software on his computer.

CoinStats to Support Victims of Suspected Social Engineering Hack

Five days after the incident, on June 26, Gevorgyan took to X to share the findings of an internal investigation into the hack. The CEO said the hack resulted from a compromise of CoinStats' AWS infrastructure, noting that evidence points towards a social engineering attack targeted at a CoinStats employee.

What a week it's been.

I've been working diligently on CoinStats for the last 6 years. We've experienced many highs and lows, but I believe we've created the best portfolio tracker on the market.

Our AWS infrastructure was hacked, with strong evidence suggesting it was done...

- narek (@narek_gevorgyan) June 26, 2024

For context, social engineering is one of the most commonly used attack tactics. It lets attackers manipulate or deceive victims into giving them access to their computer systems.

The CEO tweeted that one of their employees met a similar fate. This allowed the criminals to access and steal funds from 1,590 CoinStats Wallets. The CEO's tweet did not directly mention refunding affected users. However, he noted that CoinStats regrets the incident and is discussing possible ways to support the hack victims.

Meanwhile, reports from community members reveal the recent hack resulted in greater losses than what CoinStats disclosed. According to a Wu Blockchain report, a wallet linked to Blurr.eth supposedly lost 3,657 MKR tokens, worth around $8.7 million.

Wu Blockchain noted that the hacker sold the stolen Maker (MKR) coins on-chain for 2,482 Ether. This token dump resulted in a 7% short-term price decline for MKR. However, CoinStats has yet to comment on or accept the claims.

Similar Recent Crypto Hacks

The rising incidence of security breaches has sparked concerns among crypto users and service providers. Reports show the crypto industry has lost millions of dollars in assets to such activities.

Social engineering is becoming an increasingly common vector among these breaches. One of the most recent ones is the CoinGecko data breach, which occurred in June. Reports indicate that the attackers breached the popular crypto data aggregator through a third-party email marketing platform, GetResponse.

The CoinGecko breach occurred via a similar tactic to the CoinStats hack. According to CoinGecko's June 7 announcement, the hacker compromised a GetResponse employee's email account. The GetResponse team confirmed the data breach on June 6 at 11:58 AM UTC.

Due to the breach, sensitive user information such as user names, IP addresses, email addresses, and other metadata, including subscription plans and sign-up dates, was compromised.

According to data from blockchain security firm Immunefi, crypto hack cases in 2024 led to losses of more than $473 million as of May 2024. While this figure is large, it represents an approximately 20% decrease from the $595.4 million losses recorded over the same period in 2023.

About $73.6 million was lost to crypto hacks and rug pulls in April 2024 alone, and over $52.3 million in May.
