Coinstats 12 July 2024 ⋅ Echo world encryption

Overview of the incident
On June 22, 2024, at approximately 18:00 UAE time, our team at Coinstats discovered abnormal activity related to transfers involving Coinstats wallets backed by a third party. In response, we immediately mobilized the entire staff to begin a comprehensive investigation and contacted the third-party wallet service provider to take appropriate measures. At approximately 23:00 UAE time, we were able to identify and share the list of affected wallets.
Details of the incident
On further investigation, we discovered unauthorized access to parts of our infrastructure and to third-party service providers, including the HashiCorp Vault in our infrastructure, from which Coinstats Wallet 2FA (PINs) and third-party wallet-as-a-service API access were obtained. Although security protocols were in place that separated access control and kept all private keys outside the control of Coinstats, through a combination of unauthorized intrusions across multiple services, including ones outside Coinstats, the sophisticated attacker (whom we believe to be nation-state backed) managed to reach the private keys of 1,590 Coinstats wallets, which led to the theft of approximately $2.2 million in cryptocurrency. The investigation into the full extent of the breach is ongoing.
In response to this breach, we immediately took the following measures:
- Security experts' participation: We have enlisted the help of prominent security researchers, with the assistance of Security Alliance, including well-known experts such as ZachXBT and Tay (MetaMask), to track the stolen funds. This work continues.
- Law enforcement: We reported the security incident to local law enforcement and the FBI.
- Platform safety measures: To mitigate the attack, we completely rebuilt our production environment, ensuring that no parts of the old infrastructure were reused, to ensure the safety of the new setup. We also contacted at-risk third parties such as AWS and migrated to new accounts.
- Comprehensive infrastructure audits: To strengthen the security of our new production environment, we have taken additional steps, including engaging top-tier external security experts and conducting comprehensive infrastructure audits. More detailed security updates will be provided as our efforts continue.
Through cooperation with law enforcement and security researchers, we have gathered sufficient evidence to attribute the attack with confidence to the Lazarus Group or a related organization with nation-state-level sophistication and resources.
No connected wallets or exchanges affected
We want to assure you that funds in wallets and exchange accounts connected to Coinstats for portfolio-tracking purposes, such as MetaMask, Phantom or Binance, were not affected by this incident. Since these accounts are not imported through private keys, tracking your wallet is still safe. We only request read-only access to track wallets, ensuring that your funds are not affected.
Coinstats is now fully operational
We completely rebuilt our production environment, ensuring that no parts of the old infrastructure were reused, to ensure the safety of the new setup. As of July 3, 2024, all functions on Coinstats have been restored and are now fully operational.
Next steps
Our current findings indicate that the attacker's primary goal was to steal funds. Through continued investigation of our infrastructure, email monitoring, and dark web monitoring, we have found no evidence of user data theft so far. However, as a precaution, we advise all users to stay vigilant against potential email attacks and to report to us if they receive any suspicious email at the email address used for Coinstats that has not been leaked in any data breaches.
- Be careful of emails from an unfamiliar or suspicious domain
- Avoid clicking on links or downloading attachments from unsolicited sources
- Be careful of emails that claim to offer token airdrops
As an additional precaution, we are also implementing the following measures that affect current users:
- Compulsory password update: We are enforcing a stricter password policy that requires all users to update their passwords if they do not comply with the new password policy.
- Enable 2FA: We recommend that all Coinstats users enable two-factor authentication on their Coinstats accounts.
The highest degree of transparency
We are committed to maintaining the highest degree of transparency throughout this process. We will provide regular updates about our investigation and the measures we take to enhance security. Our goal is to keep you fully informed and rebuild your confidence in Coinstats.
Support affected users
We regret the distress this attack has caused our users. We deeply sympathize with the victims and are actively exploring ways to support them during this difficult time. This situation has been a challenge for us as a company, but we remain positive and committed to making things right. As a first step, we created a form to identify affected users and check our records.
If your wallet is listed in the affected wallet list, please make sure that you submit the form before August 15, 2024, 00:00 UTC to be eligible for any future support from Coinstats. Please note that some fields may be optional depending on the estimated loss amount.
We appreciate your understanding and patience as we move through this difficult situation. We ask for your continued confidence and support, which is necessary for us to overcome these difficult times. Your faith in us will help us maintain our position as the best portfolio tracker and allow us to provide the necessary support to the victims of this attack.