CoinStats, which serves as a multifunctional cryptocurrency portfolio tracker, shared on Saturday that a phishing incident impacted 1,590 cryptocurrency wallets, representing about 1.3% of all wallets on the platform. The organization has temporarily taken its services offline to address the security issue.
This incident came on the heels of another phishing attack that targeted MakerDAO governance delegates earlier in the same week. As the popularity of cryptocurrencies grows, so do the number of scams.
The attack was first brought to light on June 22 when CoinStats revealed that some iOS users had received a deceptive notification. The team swiftly confirmed the breach and advised users to secure their funds using a previously saved private key.
An Evolving Story
Per CoinStats' latest update, the situation is now under control, and the team is making efforts to relaunch the app safely and promptly. Crucially, they assure that wallets or centralized exchanges (CEXes) linked to the platform were not affected.
CoinStats reiterated the necessity for users to relocate their assets to a more secure environment. They provided a link to a Google Doc listing the wallet addresses potentially affected, while flagging that the list may evolve as the investigation unfolds.
CoinStats is diligently striving to restore the app's full functionality. However, no specific timeline has been given for when services will be fully operational again.
CoinStats wasn’t the sole target of phishing efforts over the weekend. Concurrently, a crypto wallet suffered a phishing breach, leading to an $11 million loss.
Scam Sniffer, an entity dedicated to safeguarding users from phishing and other digital scams, reported that the victim wallet owner had inadvertently signed multiple phishing-gathered signatures, resulting in the loss of 3,657 MKR and 1.2 million USDe on Pendle.
Further analysis by Arkham Intelligence identified the wallet's owner as a MakerDAO governance delegate.
A MakerDAO governance delegate is an active participant in the MakerDAO community, involved in the project’s governance through proposal voting and decision-making pertaining to the Maker protocol. These delegates are vital for the protocol's governance and play an essential role in maintaining its security.
Post the cyber incident, the value of MakerDAO’s governance token, MKR, saw a nearly 10% downturn after the hacker allegedly exchanged the stolen tokens for Ether (ETH).
BtcTurk Hit by Security Breach
During that same weekend, the Turkish crypto trading platform BtcTurk also reported a compromise. On June 22, vulnerabilities to 10 of its hot wallets were unveiled, although they assured that cold wallets stayed protected. Nonetheless, this led to substantial financial losses.
Blockchain investigator ZachXBT connected the timeline of the BtcTurk breach with a large movement of Avalanche (AVAX) tokens. Tokens worth an estimated $54.2 million were moved and sold on exchanges such as Binance, Coinbase, and THORChain.
Upon the attack's exposure, leading exchange Binance announced its support for BtcTurk. Binance’s CEO, Richard Teng, stated that they had frozen over $5.3 million worth of stolen AVAX.
“We're working with BtcTurk on this and have frozen over $5.3M of the stolen assets. Our security teams are on alert around the clock, as part of our active measures to shield the crypto ecosystem from threats. Further updates will follow as necessary,” reported Teng.
Subsequent to the breach, AVAX's market valuation took a 10% hit. As of current, AVAX is trading at about $24.3, down 6% over the past day. ZachXBT conjectured the price drop stemmed from the BtcTurk hack.
BtcTurk's breach is part of a larger pattern of recent crypto exchange attacks, amongst which is the notable $305 million intrusion of DMM Bitcoin exchange in Japan, alongside ongoing debates over security firm CertiK’s review of the Kraken exchange.
