CoinStats, a popular cryptocurrency portfolio tracking application, confirmed on June 22 that it suffered a security breach affecting approximately 1,590 wallets, representing about 1.3% of all CoinStats wallets. The company immediately suspended all user activity and shut down the application to contain the incident. The CoinStats team stated that suspected North Korea-linked hackers are believed to be responsible for the attack.
Breach Details and Impact
The breach impacted wallets created directly within CoinStats, while connected wallets and centralized exchange accounts remained unaffected. The team urged users whose wallet addresses appear on the affected list to promptly transfer their funds using their exported private keys. “We are actively investigating the extent of funds moved and will provide updates as soon as they become available. We’re actively working to bring the app back online as quickly as possible. Thank you for your patience,” the CoinStats team said in a statement.
CEO Update on Recovery
In an update shared via Telegram, CEO Narek Gevorgyan revealed that CoinStats is restoring the production environment by implementing all necessary security measures to isolate the attackers. Gevorgyan stated that the process is expected to take approximately 24 hours.
Suspected North Korea Connection
The update also asserted that CoinStats has collected evidence suggesting the attack was perpetrated by a group known to have connections with North Korea. This aligns with a pattern of state-sponsored hacking groups, such as the Lazarus Group, targeting cryptocurrency platforms to steal funds for the regime. The incident highlights ongoing security risks in the crypto space, even for non-custodial tracking applications.
CoinStats is a widely used tool that allows users to connect their wallets and exchange accounts to monitor their entire cryptocurrency portfolio in one place. Following the breach, users are advised to remain vigilant, regularly back up private keys, and consider using hardware wallets for long-term storage. The company is cooperating with cybersecurity experts and law enforcement to investigate the attack.

