CoinStats exploiter moves almost $1M to Tornado Cash


Wallets linked to the CoinStats exploiter were seen moving almost $1 million in Ether  into the cryptocurrency mixing protocol Tornado Cash. 

Blockchain security firm CertiK flagged that two wallets linked to the CoinStats exploit in June have transferred 311 ETH, worth about $959,000, to Tornado Cash. One wallet moved 211 Ether (ETH), while the other sent 100 ETH to the crypto mixer.

Wallet linked to CoinStats exploit transfers 211 ETH to Tornado Cash. Source: Etherscan

Crypto mixers keep transactions private by combining potentially identifiable funds with many other funds. This anonymizes fund transfers between services and is often used by hackers to launder their ill-gotten gains.

CoinStats security breach affected 1,590 wallets

On June 22, crypto portfolio manager CoinStats suspended user activity following a breach that affected 1,590 crypto wallets. The company announced that it had shut down the application to “isolate the security incident.”

The firm said the attack had been mitigated and noted that “none of the connected wallets and CEXes were impacted.” The company urged affected users to move their funds using their exported private keys.

On June 30, CoinStats said they are optimizing their transaction database and transferring to a different platform to improve efficiency and reliability. The company also said they’re enhancing systems with upgrades and audits.

Source: CoinStats

On July 3, CoinStats announced that functionalities on its platform have recovered and are fully operational.

Related: Proposed US Blockchain Integrity Act would ban crypto mixers for 2 years

CoinStats hack caused by “socially engineered” employee

On June 26, CoinStats CEO Narek Gevorgyan revealed some investigation details. According to Gevorgyan, their infrastructure was hacked, with evidence suggesting that one of their employees was tricked into downloading malicious software into a work computer. Gevorgyan said:

“Our AWS infrastructure was hacked, with strong evidence suggesting it was done through one of our employees who was socially engineered into downloading malicious software onto his work computer.”

The executive also empathized with those who lost their funds in the attack and highlighted that they would support the victims and have already discussed their options.

Community members reported millions in losses, with one wallet allegedly losing almost $9 million in Maker (MKR).

In a July 5 update, CoinStats highlighted that it is still investigating the incident and is taking action to ensure its new infrastructure is secure. The firm said they will share additional information soon, including victim support measures.

Magazine: ‘Raider’ investors are looting DAOs — Nouns and Aragon share lessons learned





Also Read More: World News | Entertainment News | Celeb News

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

IRS releases draft of 2025 digital asset reporting form for US taxpayers

The United States Internal Revenue Service (IRS), the country’s tax service, has…

Ernst & Young taps ZK-proofs on Ethereum to automate contracts

Big Four accounting firm Ernst & Young has launched an Ethereum-based solution…

Bitget reports $700M capital inflow in Q2, adds 2.9M users

Crypto exchange Bitget reported a $700 million capital inflow and increased website…

Largest Bitcoin mining firm sold 63% of mined BTC in May

Mining firm Marathon Digital has sold over 60% of all Bitcoin it…