Security Incident Report
Contents
Incident Overview
On June 22, 2024, at approximately 18:00 UTC, our team at CoinStats detected abnormal activity related to transfers involving the third-party supported, non-custodial CoinStats Wallet. In response to this event, we immediately took down the entire platform to initiate a thorough investigation and contacted the third-party wallet service provider to take any appropriate measures. At around 23:00 UTC we were able to identify and share the list of the affected wallets.
Incident Details
Upon further investigation, we discovered unauthorized access to parts of our infrastructure and third-party service providers, including HashiCorp Vault located in our infrastructure, which secured CoinStats Wallet 2FA keys(PINs) and a 3rd party wallet as a service provider APIs. Despite security protocols in place that segregated access controls and maintained any private keys outside of the control of CoinStats, through a combination of unauthorized intrusions across multiple services – including outside of CoinStats – the sophisticated (and we …
On June 22, 2024, at approximately 18:00 UTC, our team at CoinStats detected abnormal activity related to transfers involving the third-party supported, non-custodial CoinStats Wallet. In response to this event, we immediately took down the entire platform to initiate a thorough investigation and contacted the third-party wallet service provider to take any appropriate measures. At around 23:00 UTC we were able to identify and share the list of the affected wallets.
Incident Details
Upon further investigation, we discovered unauthorized access to parts of our infrastructure and third-party service providers, including HashiCorp Vault located in our infrastructure, which secured CoinStats Wallet 2FA keys(PINs) and a 3rd party wallet as a service provider APIs. Despite security protocols in place that segregated access controls and maintained any private keys outside of the control of CoinStats, through a combination of unauthorized intrusions across multiple services – including outside of CoinStats – the sophisticated (and we …