- CertiK has revealed that two CoinStats exploit wallets have moved 311 ETH ($959K) to Tornado Cash.
- CoinStats breach on June 22 affected 1,590 wallets after AWS was hacked via social engineering.
- CoinStats resumed full operations on July 3 amid intense investigations.
Blockchain security firm CertiK has revealed that two wallets linked to the recent CoinStats exploit transferred 311 ETH, worth about $959,000, to Tornado Cash.
The security breach, which occurred on June 22, affected 1,590 crypto wallets managed by CoinStats resulting in the company promptly suspending user activity and shutting down the application to isolate the security incident.
CoinStats still conducting investigations into the incident
Since the breach, CoinStats has been taking significant steps to secure its platform.
On June 30, the company announced that it was optimizing its transaction database and transitioning to a new platform aimed at enhancing efficiency and reliability. It also said that upgrades and audits were underway to bolster the security of their systems.
Quick updates! Currently, we’re focused on:
– Optimizing our transaction database and migrating to a more robust platform for improved efficiency and reliability.
– Enhancing our security systems with upgrades and audits to ensure top-notch data protection.
— CoinStats (@CoinStats) June 30, 2024
After a period of intense scrutiny and effort to address the vulnerabilities, the company on July 3 announced that its app had recovered full functionality.
All functionalities on CoinStats are now fully recovered and functional.
Thank you for your patience and support! 🤝
— CoinStats (@CoinStats) July 3, 2024
The most recent update from CoinStats, as of today, stated that the investigation is ongoing.
The firm is committed to ensuring that its new infrastructure is robust and secure, promising to share additional information, including victim support measures, soon.
Movement of funds to Tornado Cash raises alarm
Even as the investigations continue, the movement of 311 ETH by the exploiters to Tornado Cash by the exploited wallets has raised alarm bells.
Tornado Cash, a cryptocurrency mixing protocol, anonymizes transactions by combining identifiable funds with many others, making it a favored tool for laundering illicit gains.
CertiK’s report highlighted that one wallet transferred 211 ETH, while another sent 100 ETH to the mixer.
The community has reacted strongly to the breach, with some users reporting significant losses. One wallet allegedly lost almost $9 million in Maker (MKR), underscoring the severe impact of the exploit.
However, CoinStats has been transparent in its communication, detailing the steps taken to mitigate the attack and improve security.