Suspected North Korean Attack Drains $2m from CoinStats Wallets
A popular cryptocurrency portfolio management specialist has revealed a major cyber-attack which impacted 1590 of its customers’ crypto wallets.
CoinStats describes itself as a leading crypto market tracker, providing customers with visibility into over 300 wallets and exchanges, 1000+ DeFi protocols and over 20,000 cryptocurrencies,
Users can also create CoinStats wallets hosted by the firm, of which there are around 120,000. It is these that were impacted by the attack, rather than any third-party wallets customers may have linked to their account.
CoinStats revealed the incident on X (formerly Twitter) and urged customers: “If you have your private key exported, move your funds ASAP.”
Read more on North Korean crypto attacks: UN Links North Korea to $281m Crypto Exchange Heist
Just two hours later, it claimed to have mitigated the incident and temporarily shut down the application.
“Thanks to the immediate incident response from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totalling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes,” it explained.
Update on the Security Incident
The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.
1. None of the connected wallets and CEXes were impacted.
2. Thanks to the immediate incident reponse from the CoinStats team,…
— CoinStats (@CoinStats) June 22, 2024
The firm’s CEO, Narek Gevorgyan, also took to X to share his thoughts on the threat actors behind the attack.
“We also have significant evidence to assume that attack was a part of this group of hacks, described by FBI report with ties to North Korea,” he said.
“Although the affected wallet list has already been public for a while, wanted to share that the total drained amount from all the wallets is around $2m. Around $800,000 of which are two wallets who imported their seed phrases to CoinStats Wallet.”
Gevorgyan promised a “detailed and transparent report on the hack” in due course.
North Korean is a prolific stealer of cryptocurrency, which it uses to fund its nuclear and ballistic missile program.
An unnamed US diplomat claimed last year that the hermit nation makes around half of its foreign-currency income from cyber-attacks on cryptocurrency and related targets. The UN has estimated the Kim Jong-un regime has amassed billions in this way over the past few years.