CoinStats breach exposes 1,590 crypto wallets via alleged social engineering attack. Learn how it happened and what it means for the crypto industry

Continue reading
On June 22, 2024, CoinStats, a popular cryptocurrency portfolio management app, faced a significant security breach compromising 1,590 crypto wallets. This incident not only disrupted services temporarily but also raised serious questions about the security measures of cryptocurrency platforms.
The following Threatfeed analysis will meticulously dissect the critical nuances of this cryptocurrency breach of this year, its technical aspects, and the broader implications
CoinStats Breach
The breach initially surfaced on June 22, leading to the temporary suspension of CoinStats services. The attack was limited to 1.3% of all wallets, resulting in a loss of approximately $2 million.
A detailed investigation revealed that the attack was orchestrated by compromising an employee's computer through social engineering, which led to the infiltration of their AWS infrastructure.
CoinStats shared a list of impacted wallets, but some users reported thefts from wallets not on the list. Thus, the breach's scope might be larger than verified.
Technical Details of the Breach
The attack exploited social engineering tactics to install malicious software on an employee's computer. This allegedly allowed the attacker to obtain unauthorized access to the AWS environment where CoinStats' wallet data was stored. Despite prompt action to limit the breach, the attacker managed to access a significant number of wallets .

*CoinStats Post Attack' Status*
Response and Mitigation
CoinStats' response involved immediate shutdown and isolation of affected systems. They published a list of compromised wallets and urged users to transfer their funds to secure external wallets. The company is conducting a thorough post-mortem analysis to refine its security measures and prevent future breaches .
Understanding Social Engineering
Social engineering involves manipulating individuals into performing actions or divulging confidential information. This tactic exploits human psychology rather than technical vulnerabilities, making it a potent weapon for attackers .
Case Study: CoinStats Incident
In the CoinStats breach, the attacker used social engineering to trick an employee into downloading malware according to what was understood on June 26, Narek Gevorgyan, CEO of CoinStats, via there findings of an internal investigation:
_“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”_
This malware then facilitated unauthorized access to the company's AWS infrastructure. The specifics of the malware used remain unclear, but its impact underscores the effectiveness of social engineering in bypassing technical defenses .
Gevorgyan’s message refrained from promising refunds for all victims, instead indicating that the company will outline a detailed action plan following a comprehensive post-mortem analysis.
_"I empathize with those who lost money; I understand their hardship. CoinStats will support the victims of the hack, and we’ve been exploring various options internally."_
Some community members have reported even more substantial losses. For example, Blurr.eth’s wallet allegedly lost 3,657 Maker tokens, valued at approximately $8.7 million.
Increasing Trend of Security Breaches
The CoinStats incident is not isolated. Other platforms, such as CoinGecko, have also faced security breaches recently. CoinGecko's breach on June 5 involved a compromised employee account on a third-party email management platform, leading to the exposure of user data .
Impact on User Trust and Platform Security
These incidents erode user trust and highlight the need for robust security practices. Users are now more cautious, emphasizing the need for platforms to adopt stringent security protocols, including multi-factor authentication and regular security audits .
Role of Employee Training and Awareness
Educating employees about social engineering tactics is crucial. Regular training sessions and simulated phishing attacks can help build a security-conscious workforce, reducing the risk of similar breaches in the future .
AWS Infrastructure Vulnerabilities
The breach highlighted vulnerabilities in CoinStats' AWS setup. While AWS provides robust security features, improper configuration and inadequate monitoring can lead to significant risks. In this case, the compromised employee credentials allowed the attacker to navigate the AWS environment undetected initially .
Malware and Exploitation Tactics
The malware used in the CoinStats breach was likely designed to evade detection and exfiltrate data stealthily. Analyzing the malware's code and behavior can provide insights into its mechanisms and help develop countermeasures. For instance, using endpoint detection and response (EDR) tools could have potentially identified the unusual activity early .
Mitigation Strategies
Post-breach, CoinStats needs to implement several mitigation strategies:

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been