Crypto portfolio tracking platform Coinstats has confirmed a security breach that affected approximately 1,590 wallets, representing about 1.3% of all Coinstats wallets. In response, the company said it immediately suspended all user activity and temporarily shut down its application in an effort to contain the incident.
Breach Limited to Wallets Created Within Coinstats
According to the company’s June 22 disclosure, the incident impacted wallets that were created directly inside Coinstats. By contrast, connected wallets and accounts held on centralized exchanges were not affected, based on the information the team has released so far. This distinction is important for users trying to assess exposure, as it suggests the breach was limited to a specific part of the platform’s wallet infrastructure rather than all assets tracked through the app.
Coinstats urged users whose wallet addresses appear on the affected list to move their funds immediately using their exported private keys. That recommendation signals that the company believes prompt self-custody action is the best available step for at-risk users while the investigation remains ongoing.
App Taken Offline as Investigation Continues
The company said it is still working to determine the full extent of the incident, including how much crypto may have been moved as a result of the breach. Coinstats added that it would provide further updates once more information becomes available.
At the same time, the team said it is working to restore the app as quickly as possible. Taking the application offline and pausing user activity appears to be part of a broader containment strategy designed to stop any further unauthorized access while engineers and security staff assess the scope of the damage.
For users, the temporary shutdown means disruption not only to wallet-related functions but also to portfolio tracking workflows that rely on Coinstats as a central dashboard. Still, the company’s immediate messaging has prioritized security containment over service continuity.
CEO Says Production Environment Is Being Restored
In an update shared via Telegram, Coinstats CEO Narek Gevorgyan said the company was restoring its production environment and implementing all necessary security measures to isolate the attackers. He said the process was expected to take around 24 hours.
That statement indicates the response has moved beyond initial emergency controls and into a recovery phase, where the company is attempting to re-establish operations under tighter security conditions. However, Coinstats has not yet disclosed detailed technical information about the attack vector, the systems involved, or whether any vulnerabilities have been fully remediated.
Evidence Points to Suspected North Korea-Linked Attackers
One of the most closely watched elements of the incident is Coinstats’ claim that it has gathered evidence suggesting the attack was carried out by a group with connections to North Korea. The company did not identify the group by name, nor did it publish the evidence behind that assessment in the update cited in the report.
Even so, the allegation is likely to draw attention given the long-standing concerns around sophisticated cyberattacks targeting digital asset platforms. At this stage, the attribution remains based on Coinstats’ own stated findings, and further details may be needed before outside observers can independently assess that conclusion.
What Users Should Watch Next
With the application temporarily offline, affected users will likely be focused on three immediate issues: whether their wallet addresses are on the impacted list, whether funds have already been moved, and when the platform will safely return to normal operation. Coinstats has advised potentially affected users to act quickly by transferring funds through exported private keys, making speed a critical factor in reducing risk.
More broadly, the episode highlights the operational and security challenges facing crypto apps that combine portfolio tracking with wallet functionality. Even when a breach is limited to a subset of products or users, the consequences can be serious if wallet infrastructure is involved. In this case, Coinstats has stressed that the impact was confined to wallets created within the app and did not extend to connected wallets or centralized exchange accounts.
Until the company releases a fuller post-incident report, the market will be watching for several unanswered questions: how much value was ultimately affected, what exact vulnerability was exploited, how Coinstats plans to harden its systems going forward, and whether additional user protections will be introduced after the service is restored.
For now, the clearest facts remain the company’s own disclosures: 1,590 wallets were impacted, the app has been temporarily shut down, and users on the affected list have been told to move their funds immediately. Further updates from Coinstats will likely determine how the incident is judged by both users and the broader crypto industry.

