BREAKING AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Connect with us

Hi, what are you looking for?



Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets

CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.

Cryptocurrency portfolio manager CoinStats resumed activity on Monday after hackers drained over $2 million in virtual assets from 1,590 hosted wallets.

The incident occurred on Friday and prompted CoinStats to shut down its application to mitigate the attack.

Because CoinStats asks for read-only access to connected wallets, only some of those created directly within CoinStats were affected by the hack.

“None of the connected wallets and CEXes were impacted. Thanks to the immediate incident response from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes,” the platform announced over the weekend.

Shortly before the hack, some of the impacted users received phishing messages from the CoinStats application. A link in those messages took the users to a malicious website.

However, not all the affected users received the phishing message and some of them complained that their wallets were not in the list of impacted ones that CoinStats had published.

On Saturday, CoinStats’ CEO Narek Gevorgyan revealed on X that the amount drained from the wallets would be of around $2 million, with $800,000 stolen from two wallets that imported their seed phrases to CoinStats Wallet.

In a separate post on the social media platform, he noted that the collected evidence suggested that North Korean hackers were responsible for the attack, specifically the notorious Lazarus Group.

Advertisement. Scroll to continue reading.

Since at least 2017, North Korea-linked state-sponsored hackers have stolen over $3 billion in cryptocurrency, siphoning over $1.7 billion in 2022 alone, Recorded Future showed in a December 2023 report.

“We’re back online! Not all functionalities are active right now, and we’re slowly activating them to ensure a smooth and stable experience for everyone,” CoinStats said on Monday, promising additional information on the incident once the investigation has been completed.

CoinStats allows users to connect their wallets to view them in a single place for easier tracking. Since only read-only access is required for these connections, users’ funds are never at risk of hacking, the platform says.

Related: US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

Related: Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping

Related: $200 Million in Cryptocurrency Stolen in Mixin Network Hack

Related: SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as new CRO

Identity orchestration provider Strata Identity appoints Aldo Pietropaolo as Field CTO

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights