CoinStats, a platform that allows users to track their crypto holdings across wallets and exchanges, disclosed that a security incident over the weekend impacted some user wallets.

The team behind CoinStats advised users to move their funds as soon as possible if they had exported their private keys in an X post on Saturday. They disclosed a security incident that supposedly impacted only externally connected wallets.

Within a few hours, CoinStats swiftly and decisively mitigated the attack. They transparently revealed that 1,590 wallets had been compromised and promptly shared a list of wallet addresses that were impacted.

The team also took the proactive step of temporarily shutting down the platform to isolate the incident, demonstrating their commitment to user safety.

"We ensure the safety of your funds by obtaining read-only access, which allows us to display your balances and transactions without having the authority to conduct any transactions or make changes to your account," reassures the CoinStats website, which also promises users military-grade encryption, reaffirming their commitment to user security.

While CoinStats claims no externally connected wallets were impacted, some users say otherwise. However, at the time of writing, it was unclear if these users had set their API permissions for external wallets to read-only access.

The attack comes after some iOS users received a phishing notification from the CoinStats app. The notification invited them to connect to an AirScout wallet to claim a 14.2 ETH reward to celebrate 2 million users. This link led them to a malicious website that drained funds from connected wallets.

More concerningly, some users who claimed to have not received any scam notifications still reported that their wallets were drained.

According to CoinStats CEO Narek Gevorgyan, the total amount drained from the affected wallets is around $2 million. The majority of the stolen funds reportedly belonged to two wallets that imported their seed phrases to CoinStats.

"We also have significant evidence to assume that the attack was a part of this group of hacks, as described by the FBI report, with ties to North Korea," said Gevorgyan, underlining the gravity of the situation and the need for immediate action.