CoinStats, an all-in-one cryptocurrency portfolio tracker, said on Saturday that it was under a phishing attack that affected 1,590 cryptocurrency wallets, accounting for 1.3% of all CoinStats wallets. The company has temporarily shut down its application following a security breach.
The incident followed another phishing attack that targeted MakerDAO governance delegates on Sunday. With more people using cryptos, scams are on the rise.
The attack was first announced on June 22 when CoinStats said some of its iOS users got a scam notification. Shortly after the initial discovery, the team confirmed the security breach and urged users to immediately move their funds using a previously exported private key.
An Evolving Story
According to CoinStats’ latest announcement, the attack is now under control and the team is working to bring the app back online securely and as quickly as possible. Importantly, CoinStats assures users that no connected wallets or centralized exchanges (CEXes) were compromised.
CoinStats reiterated that users should move their funds to a secure location. The team also provided a link to a Google Doc containing a list of potentially affected wallet addresses, but warns this list may change as the investigation continues.
CoinStats is actively working to restore full functionality to the app. No timeline has been provided for when the app will be back online.
CoinStats was not the only entity targeted by phishing attacks this weekend. On the same day, a cryptocurrency wallet reportedly fell victim to a phishing exploit, which led to a loss of $11 million.
The incident was discovered by Scam Sniffer, an account aiming to protect users from phishing attacks and other scams in the Web3 space. Scam Sniffer reported that the owner of the victim wallet had signed numerous phishing signatures, resulting in a loss of 3,657 MKR and 1.2 million USDe on Pendle.
Additional analysis of Arkham Intelligance showed that the wallet’s owner was a MakerDAO governance delegate.
A MakerDAO governance delegate is a member of the MakerDAO community who participates in the governance process through voting on proposals and decisions related to the Maker protocol. These delegates are essential to the functioning of the Maker protocol and play an important role in ensuring its integrity.
The price of MakerDAO’s token, MKR, dropped nearly 10% after the hacker reportedly converted the stolen MKR to Ether (ETH).
BtcTurk Hit by Security Breach
Over the weekend Turkish cryptocurrency exchange BtcTurk also disclosed a security breach. On June 22, the exchange revealed vulnerabilities affecting 10 of its hot wallets. While it assured cold wallets remain secure, the incident seemingly resulted in a major loss.
On-chain detective ZachXBT linked the attack timeframe to a large movement of Avalanche (AVAX) tokens on the blockchain. These tokens, valued at approximately $$54.2 million, were sold across exchanges like Binance, Coinbase, and THORChain.
After the incident surfaced, leading exchange Binance said it was supporting BtcTurk through an announcement. According to Binance CEO, Richard Teng, Binance had frozen over $5.3 million in stolen AVAX transferred to the exchange.
“Binance is assisting BtcTurk with investigations and have frozen over $5.3M in stolen funds so far. Our investigations & security teams work around the clock as part of our proactive efforts to protect the ecosystem from bad actors. We will provide further updates as relevant,” stated Teng.
Following the incident, AVAX’s price dropped 10%. At the time of writing AVAX is trading at around $24,3, down 6% in the last 24 hours. ZachXBT suggested the price decline was linked to the hack on BtcTurk.
BtcTurk’s security breach follows a string of recent attacks targeting crypto exchanges. This includes the $305 million hack of DMM Bitcoin exchange in Japan and the ongoing controversy surrounding security firm CertiK’s appraisal of Kraken exchange.