Wallet is under attack and asks users to move their cryptocurrencies immediately

Wallet is under attack and asks users to move their cryptocurrencies immediately

a Coin statisticsa portfolio manager who also acts as a wallet, found a vulnerability on your app this Saturday (22). As a preventive measure, the developers asked users move their cryptocurrencies to other wallets.

“We are experiencing a security incident impacting wallets created directly on CoinStats; This does not affect externally connected wallets.”CoinStats wrote on social media. “If you have exported your private key, please move your funds as soon as possible.”

According to an address sheet shared by the team, 1,590 Bitcoin, Ethereum and other cryptocurrency wallets were affected. However, some users outside this list have also reported losses.

🔔 Join our WhatsApp group and stay informed.

CoinStats explains the vulnerability in its wallet

In another tweet, the developers report that hackers have used the flaw to send notifications to CoinStats users. The text promised a prize in cryptocurrencies, but it was just a scam.

“Some iOS users received a fraudulent notification. We are investigating this.”

The notice congratulated the investor on the win 4.2 ETH (R$80,000) and recommended downloading another wallet to receive it. Such a wallet was used by hackers to steal money after the private keys were imported.

Although the team only mentions iOS, the operating system used on iPhones, other people say they received the same message on Android phones.

The attack looks like one old vulnerability in Electrum, famous Bitcoin wallet. In 2018, some investors received a pop-up stating that the wallet needed to be updated for security reasons.

However, the link in the message was unofficial and led to users downloading a fake application used to steal victims’ bitcoins.

Both cases therefore serve as a warning to investors not to act hastily. In other words, it is recommended to always check the official website and social networks of the wallet to find out if the notification is true.

CoinStats deactivates your wallet

Updating the case, the developers claim that they have temporarily disabled the wallet so that other investors don’t fall for the scam. According to the announcement, around 1.3% of users were affected by the error, but the figures may be updated in the future.

“The attack has been mitigated and we have temporarily shut down the app to isolate the security incident.”

“Only 1.3% of all CoinStats wallets were affected, a total of 1,590 wallets”the team continued. “If your wallet address is on this affected list, move your funds immediately using the private key export feature.”

At the time of writing, there is no information about the amount stolen and the developers have not commented on refunds.

Source: Live Coins