As part of the issue, cryptocurrency wallets thought to be linked to the CoinStats vulnerability were revealed to have transferred approximately $1 million worth of Ethereum (ETH) to the privacy-focused cryptocurrency transfer protocol Tornado Cash.

Blockchain security company CertiK detected these transfers. Tornado Cash reduces traceability by anonymizing cryptocurrency transfers. This makes it an attractive option for hackers who want to launder the proceeds of theft.

The security vulnerability on the CoinStats platform affected approximately 1,590 cryptocurrency wallets. Following the vulnerability, the company closed the application and suspended user activity to “isolate the security incident.” CoinStats later stated that the attack was stopped and “none of the linked wallets and decentralized exchanges (CEX) were affected.”

However, this statement was not enough to alleviate the concerns of the victims. The company warned affected users to transfer their issued private keys elsewhere to secure their funds.

CoinStats took action after the security vulnerability and took 2 important steps. First, it migrated to a different platform, optimizing its transaction database to increase efficiency and reliability. Secondly, it strengthened its systems with upgrades and audits. These steps are interpreted as an effort to prevent future attacks and ensure platform security.

CoinStats announced on July 3 that functionality on the platform was fully restored and operational. The company’s CEO, Narek Gevorgyan, shared some details about the investigation on June 26.

According to Gevorgyan’s statement, the CoinStats infrastructure was hacked and it is thought that social engineering techniques were used behind the attack. The company alleges that one of its employees was tricked into downloading malware onto his work computer. Gevorgyan said the following on this subject:

“The evidence we have obtained indicates that our AWS infrastructure was hacked when one of our employees was tricked through social engineering techniques into downloading malware onto his work computer.”

Gevorgyan announced that CoinStats empathizes with those who lost funds in the attack and will support the victims. It is known that the company is evaluating options in this regard and holding meetings with the victims.

Community members reported that losses exceeded millions of dollars. One wallet even allegedly lost nearly $9 million in Maker (MKR) tokens.

CoinStats’ July 5 update emphasizes that the investigation is ongoing and they are focused on securing their new infrastructure. The company plans to share additional information in the coming days, including about victim support measures.

These developments show that CoinStats is trying to mitigate the effects of the vulnerability and be better prepared against future attacks. However, questions regarding the fate of the stolen cryptocurrencies and compensation for the victims continue to remain unanswered.