On Saturday, some users of the CoinStats app received a notification claiming they had won ETH. While this notification was in fact a scam, 1,590 wallets are currently at risk of losing funds. What’s going on?
A security breach at CoinStats affects many users
On Saturday evening, some users of the CoinStats app on iOS may have received a notification claiming that they had won ETH as a reward in a prize draw. In reality, this was a fraudulent notification designed to steal cryptocurrencies from targeted users:
https://twitter.com/CoinStats/status/1804579591698120760
In short, CoinStats is an app that allows users to track all their cryptocurrency assets, in particular by connecting their exchange accounts or entering their non-custodial addresses.
Later that night, the CoinStats team posted an update on the incident. They stated that connected addresses and funds held on centralized exchanges (CEX) were safe; however, private keys imported or generated in the app could be at risk:
Thanks to the CoinStats team’s immediate response to the incident, only 1.3% of all CoinStats wallets were affected, totaling 1,590 wallets. The list may change as the investigation continues, but we do not expect any significant changes.
Therefore, it is recommended that anyone with an address on the list shared by CoinStats move their funds to a secure address as soon as possible to avoid losses. At the same time, the app’s website has been suspended until the situation is resolved.
At the time of writing, CoinStats had not yet shared the extent of the damage caused by this security breach, nor how the hack was carried out to send notifications to users.