CoinStats, an established crypto-tracking application, has provided more details about its June security incident. The company believes the attack was carried out by the Lazarus Group or another hacking group funded by a nation-state.

The company noted in a recent incident report that a “sophisticated (and we believe nation-state affiliated) attacker managed to access private keys of exactly 1590 CoinStats Wallets, resulting in the theft of approximately $2.2 million worth of cryptocurrency.”

“Through collaboration with law enforcement and security researchers, we gathered enough evidence to confidently attribute the attack to the Lazarus Group or a related organization with a nation-state level of sophistication and resources.”

CoinStats

The company noticed unusual activity connected to transfers involving the third-party supported, non-custodial CoinStats Wallet at 18:00 UTC on June 22, 2024. CoinStats promptly suspended the entire site to conduct a full investigation and notified the third-party wallet service provider to take any necessary action. 

According to the report, the attacker was able to compromise many services connected to CoinStats’ storage of user-created wallet private keys “…through a combination of unauthorized intrusions across multiple services, including outside of CoinStats.”

According to the report, researchers including ZachXBT and MetaMask lead security researcher Taylor Monahan are currently tracing the stolen funds, and the attack has been reported to law enforcement.

“We enlisted the help of leading security researchers with the help of Security Alliance, including renowned experts like ZachXBT and Tay (Head of Security at MetaMask), to trace the stolen funds. Still ongoing. […] We reported the security incident to local law enforcement and the FBI.”

CoinStats

In June, CoinStats urged users to transfer assets out of wallets created on the platform after an attacker hijacked it and delivered fake notifications to mobile users. According to the company, the hack impacted 1,590 wallets, or 1.3% of all CoinStats wallets.

Since the breach, the company has entirely rebuilt its platform environment, “ensuring that no parts of the old infrastructure were used to guarantee the integrity of the new setup,” and hired new infrastructure auditors. 

As a result, the site is fully operational again. While the business has found no evidence of user data theft, the report urges the company’s users to be wary of potential phishing attacks on company-related email addresses as a precaution.

The company has also set up a form for victims of the attack to identify themselves by August 15 to be eligible for “any future support from the team,” though the company declined to give specifics about reimbursement of the stolen funds.