Cryptocurrency portfolio manager CoinStats resumed activity on Monday after hackers drained over $2 million in virtual assets from 1,590 hosted wallets.
The incident occurred on Friday and prompted CoinStats to shut down its application to mitigate the attack.
Because CoinStats asks for read-only access to connected wallets, only some of those created directly within CoinStats were affected by the hack.
“None of the connected wallets and CEXes were impacted. Thanks to the immediate incident response from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes,” the platform announced over the weekend.
Shortly before the hack, some of the impacted users received phishing messages from the CoinStats application. A link in those messages took the users to a malicious website.
However, not all the affected users received the phishing message and some of them complained that their wallets were not in the list of impacted ones that CoinStats had published.
On Saturday, CoinStats’ CEO Narek Gevorgyan revealed on X that the amount drained from the wallets would be of around $2 million, with $800,000 stolen from two wallets that imported their seed phrases to CoinStats Wallet.
In a separate post on the social media platform, he noted that the collected evidence suggested that North Korean hackers were responsible for the attack, specifically the notorious Lazarus Group.
Since at least 2017, North Korea-linked state-sponsored hackers have stolen over $3 billion in cryptocurrency, siphoning over $1.7 billion in 2022 alone, Recorded Future showed in a December 2023 report.
“We’re back online! Not all functionalities are active right now, and we’re slowly activating them to ensure a smooth and stable experience for everyone,” CoinStats said on Monday, promising additional information on the incident once the investigation has been completed.
CoinStats allows users to connect their wallets to view them in a single place for easier tracking. Since only read-only access is required for these connections, users’ funds are never at risk of hacking, the platform says.
Related: US Seizes $1.4 Million in Cryptocurrency From Tech Scammers
Related: Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
Related: $200 Million in Cryptocurrency Stolen in Mixin Network Hack
Related: SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency
