In late June 2024, CoinStats, a prominent crypto portfolio manager, suffered a significant security breach resulting in the compromise of 1,590 wallets. The attack, reportedly facilitated by social engineering tactics, allowed hackers to steal approximately $2 million in cryptocurrency assets. CoinStats CEO Narek Gevorgyan revealed that the breach stemmed from a compromise of their AWS infrastructure, with evidence pointing to an employee being deceived into downloading malicious software.
Following the incident, Gevorgyan took to social media to outline the findings of an internal investigation, attributing the breach to a sophisticated social engineering attack. Despite swift action by CoinStats, which limited the hacker to accessing only 1.3% of their wallets, concerns mounted among users and the broader crypto community regarding the security of digital assets.
Reports emerged indicating broader implications beyond the initial disclosures, with claims of larger losses incurred by some users than initially reported by CoinStats. For instance, a wallet associated with Blurr.eth allegedly lost $8.7 million worth of MKR tokens, causing a short-term decline in MKR’s price due to subsequent token sales by the hacker.
The CoinStats incident is part of a concerning trend in the crypto industry, where security breaches, including social engineering attacks, are increasingly prevalent. Just weeks prior, CoinGecko experienced a similar breach through a third-party service provider, highlighting vulnerabilities across the ecosystem. The prevalence of such attacks has contributed to substantial financial losses in 2024, with reports indicating over $473 million lost to crypto hacks by mid-year.
Despite the setbacks, Gevorgyan expressed regret over the incident and hinted at potential measures to support affected users, though specific details on compensation were not immediately clarified. The breach underscores the ongoing challenges faced by crypto service providers in safeguarding user assets amidst evolving cyber threats and highlights the imperative for enhanced security measures and user awareness within the crypto community.