CoinStats Exploiter Funnels Close to $1M through Tornado Cash

UTC by Leon Okwatch · 3 min read
CoinStats Exploiter Funnels Close to $1M through Tornado Cash
Photo: Depositphotos

The recent transfers represent a deliberate attempt by the exploiter to launder the stolen funds.

Wallets linked to the CoinStats exploiter have moved nearly $1 million in Ether (ETH) into the cryptocurrency mixing protocol Tornado Cash. Blockchain security firm CertiK flagged that two wallets associated with the June CoinStats exploit transferred 311 ETH, worth approximately $959,000, to Tornado Cash. One wallet moved 211 ETH, while the other sent 100 ETH to the crypto mixer.

The recent transfers represent a deliberate attempt by the exploiter to launder the stolen funds. Crypto mixers like Tornado Cash are designed to enhance privacy by obfuscating the trail of cryptocurrency transactions. They work by pooling together multiple transactions from different users and then redistributing the funds in a way that makes it difficult to trace the source.

Tornado Cash’s popularity amongst scammers has grown rapidly. The platform is currently a subject of heightened regulatory scrutiny, with its co-founder Alex Pertsev facing multiple charges under several jurisdictions.

Revisiting the CoinStats Hack

The CoinStats hack, which came to light on June 22, 2023, compromised 1,590 crypto wallets, resulting in a loss of approximately $2 million. CoinStats, a popular cryptocurrency portfolio manager, swiftly suspended user activity upon discovering the breach, isolating the incident to prevent further damage. The company reported that only 1.3% of all CoinStats wallets were affected, and none of the connected wallets or centralized exchanges (CEXes) were impacted.

The breach was attributed to a CoinStats employee who had been socially engineered into downloading malicious software onto their work computer. This allowed the attackers to infiltrate CoinStats’ AWS infrastructure, gaining unauthorized access to users’ wallets. Social engineering, a common tactic among hackers, involves manipulating or deceiving individuals to gain control over their computer systems.

CoinStats CEO Narek Gevorgyan emphasized the company’s commitment to supporting the victims and promised a thorough post-mortem analysis to determine a detailed plan of action. Although there was no explicit promise of refunds, Gevorgyan assured users that CoinStats would discuss options to support those affected by the hack. With the exploited currently leveraging Tornado Cash, hopes of recovering the stolen funds continue to dwindle.

Growing Number of Crypto Hacks

The cryptocurrency sector has seen a worrying rise in exploits and thefts. Blockchain research firm TRM Labs reported that global losses from crypto theft in the first half of 2024 exceeded $1.38 billion. This marks more than double the amount lost in the same period the previous year, signaling a significant increase in cybercriminals targeting digital assets.

Phishing attacks, where hackers deceive victims into revealing their private keys or personal information, are responsible for a significant portion of the hacks. Blockchain security experts emphasize the need for enhanced security measures and vigilance within the cryptocurrency community.

Cybersecurity News, News, Technology News
Related Articles