CoinStats iOS Scam Results in Major User Losses

A security compromise that affected 1,590 wallets, involving fraud notifications, necessitated the temporary shutdown of CoinStats.

On June 22, CoinStats disclosed that 1,590 wallets, which account for 1.3% of all CoinStats Wallets, were affected by a breach. This breach did not affect centralized exchanges (CEXes) or connected wallets.

The iOS fraud known as CoinStats involved a notification that misled users by claiming a false reward. It instructed users to access the CoinStats AirScout wallet by visiting a malicious website.

The CoinStats iOS fraud notification, which was promoted through a push notification and an in-app message, falsely notified users that they had received a 14.2 ETH reward as part of an event commemorating the platform’s 2 millionth user and the introduction of CoinStats AirScout. The message indicated that the CoinStats AirScout Wallet had received the crypto assets of the users.

CoinStats clarified that the compromise was exclusive to wallets generated within their application. The company is currently conducting an investigation into the matter and has advised users with at-risk wallets to promptly transfer their funds using their exported private keys. The company has provided a link to the list of wallets affected by the CoinStats iOS fraud. Users are reassured that there are no anticipated significant changes to this list as the investigation continues.

In spite of CoinStats’ assurances that only internally generated wallets were compromised, allegations on Reddit and X suggest that some externally connected wallets, such as the Trust Wallet and Coinbase Wallet, were also impacted.

Blurr.eth’s wallet, which contained 3,657 Maker (MKR) tokens valued at approximately $8.76 million, was one of the most substantial losses reported. The stolen MKR was sold on-chain for 2,482 Ethereum (ETH).

Also Read: Binance Seizes $5.3 Million in Connection with BtcTurk Exploit Investigation