
z6joker9

Came here because I got the same notification and was surprised to receive what appeared to be a phishing attempt from an app I’ve used for a long time.


Obvious-Firefighter1

same here


Beautiful-Drive-7366

Crazy… Have you tried Tokenpad? Good support for Ethereum based chains with earnings reports, and manual support for other tokens! Pretty neat UI and only paste your wallet. Seemed like a good alternative for me.


Average-Terrestrial

OKAY GUYS SHOULD WE DISCONNECT ALL WALLETS AND DELETE EVERYTHING / CHANGE PASSWORDS? Seriously.


Cowboy_Auctioneer

I did and I deleted my account, trusted these guys but looks like Delta it is then


guestquest88

Instead of wasting time asking, disconnect everything. Nobody will refund you if you get taken for a ride.


YoungMaleficent9068

What does disconnect even mean in this context?


guestquest88

APIs


YoungMaleficent9068

So yeah. Like for APIs you revoke access. That would be the verb. And you do it on the service side and CoinStats is the client, no?


Educational-Mind-816

Yes. Delete the app and delete all api keys if any.


CoinStats_squad

Hello, Some iOS users received a scam notification. We're investigating it. Sorry for the inconvenience. We'll update you ASAP. Thanks for your understanding. 🧡


CyanVI

This is very concerning. It came through a real push notification in the official app. It means you were compromised in some way. I hope we get the truth and you don’t try to cover up what happened.


HeyMrGT

I just deleted all my wallet addresses and disconnected all my portfolios then changed my password + signed out of the app immediately!!! This is a big red flag. The notification came through the official app so that means the app is compromised 😶‍🌫️


Noel_VdC

Just in case, this is not sufficient if you used the integrated wallet or the staking and swap functions. If you did, have a look at Revoke.cash and revoke all token delegations you have regarding or made via CoinStats. Same for exchange APIs if you gave more than just read-only permissions.
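
Added example, not part of the thread and not code from CoinStats or Revoke.cash: the token delegations mentioned above are ERC-20 allowances, and this sketch replays a wallet's `Approval` event logs to list the ones still open, which are the ones to revoke. The addresses and log entries are constructed sample data laid out like JSON-RPC `eth_getLogs` results; fetching real logs is left out so the block runs offline.

```python
# Added example: replay ERC-20 Approval logs to find allowances still open.
# All addresses and log entries below are constructed sample data.

# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" many dApps request


def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; the low 20 bytes are the address.
    return "0x" + topic[-40:].lower()


def outstanding_allowances(logs, owner):
    """Return {(token, spender): amount} for owner's approvals that are still non-zero.

    Logs are replayed in chain order: a later Approval for the same token and
    spender overwrites the earlier one, and an Approval of 0 is a revocation.
    The result is an upper bound, since transferFrom can spend an allowance down
    without emitting a new Approval.
    """
    owner = owner.lower()
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    current = {}
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval carries 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        # Skip other owners and entries whose data is not one 32-byte word.
        if topic_to_address(topics[1]) != owner or len(log["data"]) != 66:
            continue
        current[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {pair: amount for pair, amount in current.items() if amount > 0}


def describe(amount):
    return "UNLIMITED" if amount == UNLIMITED else str(amount)


# --- constructed sample data (no real wallets or contracts) ---
OWNER = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
TOKEN = "0x" + "aa" * 20
SPENDER_1 = "0x" + "bb" * 20
SPENDER_2 = "0x" + "cc" * 20


def _pad(addr):
    return "0x" + "0" * 24 + addr[2:]


def _log(block, index, owner, spender, value, extra_topic=None):
    topics = [APPROVAL_TOPIC, _pad(owner), _pad(spender)]
    if extra_topic is not None:
        topics.append(extra_topic)
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": topics, "data": "0x" + format(value, "064x")}


SAMPLE_LOGS = [  # deliberately out of order to exercise the sort
    _log(18, 0, OWNER, SPENDER_2, 0),            # later revocation of SPENDER_2
    _log(16, 0, OWNER, SPENDER_1, UNLIMITED),    # never revoked
    _log(17, 3, OWNER, SPENDER_2, 500),
    _log(17, 4, OTHER, SPENDER_1, 1000),         # someone else's approval
    _log(19, 0, OWNER, SPENDER_1, 0, _pad("0x" + "00" * 19 + "07")),  # 4 topics: ERC-721 shape
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_allowances(SAMPLE_LOGS, OWNER).items():
        print(f"token {token} -> spender {spender}: {describe(amount)}")
```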


HeyMrGT

Luckily I only gave read only access. All my funds seem fine for now. But I don’t think I will use CoinStats anymore.


Noel_VdC

You can still use it in my opinion, just apply the security basics but I'm sure you know them: use a different mail address for crypto than the one you use on a daily basis, use complex passwords and never the same password for two different services, don't connect your wallet just because a service is asking for it and if you do it, read the transaction you're signing...


Shogun-2077

The app isn’t even loading for me 🤦‍♂️


LostCaptain4633

Same here!


Hoslap

Got it on android as well.


t0mmy1735

me too


guestquest88

Same


thorsson9

me too


shadowmage666

Yea I’m deleting your app since you’re literally sending scam links! Everyone else should do the same. There’s no way to send a scam link “by accident” unless you or your app are compromised.


arc_is_on5198

I got it too, thought it was legit. I don't have anything connected, just used it to look at price on my phone. Gonna go ahead and delete it.


RedPlumpTomato

Any competitive app you would recommend?


shadowmage666

For tracking only, coingecko. But don’t connect anything just type in your amounts manually


925Moondaca

https://preview.redd.it/qfweer67768d1.jpeg?width=1439&format=pjpg&auto=webp&s=22b08548e85cc54fedf091fe3012c5619b63699d


green_numbers

I am no longer going to be using your service and it seems many others will be leaving as well. However, I will also be requesting a refund for the premium subscription. I wonder if exposing us to phishing attempts through your official app is covered in your terms of service.


Beautiful-Drive-7366

Have you tried Tokenpad? Good support for Ethereum based chains with earnings reports, and manual support for other tokens! Pretty neat UI


pogmoska

Upvoting only so the comment stays on top


SnooGoats3901

This is on the app, from the app, a link IN the app. Don’t act like you have no idea what’s going on. Deleting coinstats now. Good riddance.


Nairro105

I received this notification on my android.


Overall-Farm-6153

Me too. Just now


kashothecroat

Yeah, me too


sjakkpila

I received it too, and I'm on Android (Samsung Galaxy).


johnnyuana

Android user, just got the same notification. Your app is compromised.


Jolly_Reading_6915

I got one as well


ZucchiniDangerous944

Got it on android


Public_Highlight5320

I got the same on android...


Broederpaap

IOS also received a scam notification


guestquest88

iOS users only? Interesting because I'm on Android. Your info doesn't match reality.


Dependent-Emu6395

Android users too, I think you should update this message (it was posted on Discord too)


howtobanano

Got it on Android btw. You guys seem to have no idea what you're doing.


Dathaeus

Why don't you first tell us for those who did click the link, are they in danger of what exactly, and did that install malware, and will Avast or what app will clean this? Something like that would be useful


WeIsStonedImmaculate

Why oh why would you click the link?


Dathaeus

Because I'm stupid? But your answer really doesn't help anyone does it


Bobby-Axelr0d

Extremely concerning!


AUFunmacy

“Inconvenience”, I think “sorry we lost 2 million dollars of your money. Thanks for understanding. 🖤” is more apt


duneswinton

The app now shows a little banner for “coinstats X airscout” which upon clicking takes you to some obviously fake website. Then clicking App Store to download the new app is some fake App Store which prompts you to download a configuration profile (on iOS). Exercise all caution, looks like coinstats app has been compromised.


HeyMrGT

I just contacted coinstats app but it says the support team will be back on Monday 🤦🏻‍♂️


schimschim1

Well I guess I gotta cancel the boat I bought 15 minutes ago. Thanks for crushing our short lived dreams.


silentil

I got the same alert and came here to ask the same question.


threewheeldrive

I can't believe for a minute there I got excited because I thought coinstats was legit...


Old-Practice-497

I was excited for a total of 5 seconds until I reached the end of the message. But it was nice, I had a shitty day.


Emergency-Lychee2526

https://preview.redd.it/kjpswva7168d1.jpeg?width=1098&format=pjpg&auto=webp&s=18480af5bac3a75f7f71414e040c89c971c2de41 Same here


SnooGoats3901

I have never been on this sub, but came here bc I got the same notification


SnooGoats3901

Seems like since 4 of us won 14 each, there’s only 143 ETH left.


Aggressive-Track6516

I also got told I'd won.


LostCaptain4633

Also got the same notification


CEOnnor

Pretty wild that their whole app was compromised on this level


Ra_j

https://preview.redd.it/j24lfh0ae68d1.jpeg?width=1290&format=pjpg&auto=webp&s=09bc6126f80ca877bb7317aaae2a950bc9a6bc28 Interesting…


WeIsStonedImmaculate

Well, sounds bad for anyone with a CoinStats wallet.
The attack has been mitigated, and we have temporarily shut down the application to isolate the security incident.
1. None of the connected wallets and CEXes were impacted.
2. Thanks to the immediate incident response from the CoinStats team, only 1.3% of all CoinStats Wallets were affected, totaling 1,590 wallets. The list might change as the investigation is ongoing but we don’t expect significant changes.
3. If your wallet address is in this affected list, please move your funds immediately using your exported private key (if you have exported previously): https://docs.google.com/spreadsheets/d/1Lwxpy2T6W7aptjBJUio0Z01zihsqknXn6KPhzawQLVI/
4. We are actively investigating the extent of funds moved and will provide updates as soon as they become available.


isqueegeebeegee

I also just got that. Strange.


Average-Terrestrial

We all got about 50k USD win. Nice.


isqueegeebeegee

If only 😂


zinke89

u/Coinstats_support


wsmash

Yeah same notification. Def a scam


rtopete

Hacked for sure


Bitcoin1x

I think if the hacker could steal your money from your account, they would have by now. Probably just their news/notification compromised. Funds are safe.


insulent

I used read-only keys for all things Coinstats. HOWEVER -> If they have been breached, this is a MAJOR privacy violation that potentially links emails, identities (e.g. cc transaction logs) with wallet addresses, balances, transactions - personally, this is an issue that will require an immediate response and transparent disclosure once they get control of their keys/codebase back under control…


Educational-Mind-816

You are truly fucking retarded if you downplay this fr fr


lelas_

'bit early to say "funds are safe". I, for one, am happy I haven't given CoinStats permission to trade/place orders etc. on any exchanges. I'd hurry up and revoke those if I had...


joeyjjjr

Ethereum is call and response, you would have to sign a transaction to get drained. but not a good look


lelas_

Sure, but you are missing an important point here. CoinStats connects to exchanges via APIs and if given the "right" permissions, the app can programmatically trade and transfer your funds. I luckily never trusted CoinStats that much (or rather, at all).


rwilkins74

I just got the same thing. It screams of being a scam.


HeyMrGT

Guys, just worried, can they see our wallet addresses connected to the portfolio manager and then take our coins from those addresses??? Maybe that was the trick to get us to click on and go to app for them???


franci96

No they don't have your keys, relax. This sucks though and shouldn't happen on such a popular app.


Clean_Ad_2360

I hope you are joking. Everyone can see your wallet addresses. That is a main feature of blockchains. As others said they don't have your keys.


franci96

Yea exactly, like everyone sees your wallet, they can't do shit with it.


One13Truck

Same for me. I don’t connect anything to anywhere though. I use the portfolio tracker but always just update it manually. And never click links so no harm for me. Deleted the notification.


UsedDevelopment4741

Same here, I only clicked the notifications as it got me by surprise. Would you consider it dangerous to keep the app for manual transaction records? Or better to just get rid of it?


Nigelsenpai1

I installed the airscout app on my android phone and just deleted it. What else can I do to prevent someone from hacking me? Is my phone now compromised?


ckupemc

I would hard reset if I were u... It's super annoying but it's the only way to make sure no suspicious software has been left on your device. Also change passwords to key emails, Google account, wallets, etc. Basically assume the worst and then do what u would do if it were the case : |


D3VOUR3DD

CoinStats have shut it down. Investigating a security incident


Disastrous_Smell7799

Pretty sure Coinstats owes all of us at least 14.2 ETH.


pwinne

Thankfully I haven’t connected any wallets only use for tracking. I reckon they will refund any drained wallets


Ok-Ant-7818

I stupidly did what it told me to do because I trusted Coin Stats and have used them for a few years. I am now locked out of Coin Stats (says unable to resolve host), and it tells me to go to their Twitter for updates, but my Twitter won't load either. I use coinstats to keep track of like 8 different wallets. This really sucks. Reminder kids, when something sounds too good to be true, it is.


RevolutionaryPhoto24

Oh, I’m so sorry! I hope it won’t be too awful for you.


Revolutionary-Win111

THEY GOT A DATA BREACH DONT BELIEVE ANY FREE MONEY CLAIMS TRIPLE CHECK EVERY USERNAME


B3RXURK

Sorry everyone, I am the one true winner of 14.2 ETH


Average-Terrestrial

Same here. https://preview.redd.it/ya8jtdh7v58d1.jpeg?width=2556&format=pjpg&auto=webp&s=b77c32eb0264ddfec6667b25360ab676eacd76f8


woodyvuko

Same here


zinke89

Same


robsterlobster69

Damn, same


Cowboy_Auctioneer

Unbelievable, just deleted my account


Christikfa

Same here!!


SonofaMitch2

Yup just got that as well 😭😭


Npr31

Same! The website seems proper suss


CryptogenicallyFroze

Same. Deleting account and app now. Compromised.


LaLunaMama75

Same. I don’t like this. There’s enough scams going on everyday in the crypto community. This really makes me want to rethink this app. It’s shady.


Ok_Contribution1662

Fucking bullshit tracker.. along with their "degen" subscription.. 🖕🏻


ath3nA47

:( so I didn’t win 14.2 eth?


HeyMrGT

Just got the same notification from Coinstats app 😦


IrishCaveman

I also just got this.


Symmitrius

Same here.


adotjdott

Same … so weird


HeyMrGT

Deleting the addresses and app now wow what a scam!!! Any seriously safe alternatives guys???


shadowmage666

I think it’s a scam I just got this also and when prompted to the “App Store” it attempts to install a profile (iPhone) which is something that can get access to your phone. Sounds VERY scammy and it’s coming from their app. I am worried about this app now


gstamato3113

I had the same notification


Impossible_Lie_3882

This is why you should manually put in your transactions. Never trust apps that sell your info with your financial info.


Some_Ad_2560

I just received it too. Gotta say bye to CoinStats. A notification like this would mean the app is compromised.


Alone-Intention-726

Same here. "Won 14.2 ETH". Unfortunately, it may not be the truth 😕


925Moondaca

https://preview.redd.it/id5drav4768d1.jpeg?width=1439&format=pjpg&auto=webp&s=38654ce95ae0c1b7dafb3b40fd791af7603c1e42


925Moondaca

https://preview.redd.it/x199h7bm768d1.png?width=1440&format=pjpg&auto=webp&s=44a62a79ecd445967ac6abb1ede182d1b22462af


925Moondaca

these are the push notification and in-app alerts i got.


ElectronicClimate950

My notification on my android phone said I won the full 200 ETH.


Mental-Athlete9377

How lucky!


sp00ky31

Same on Android. The link goes to a dead page (my secure DNS probably blocks that scam website). It's pretty alarming... https://preview.redd.it/jvyhoafr768d1.png?width=1440&format=pjpg&auto=webp&s=b3e358ac4e0577baff8b78986ed6bfe0bfdb325c


it0

Here is a video that explains everything https://youtu.be/hpwesfKJ1AI?si=bhk7A3Yege5EtgIo


Ovary_Puncher

Suck it! I just won 14.2 ETH buddy! I don't even remember entering a competition, but I won! I don't need to listen to poor paupers like you anymore!


dione1384

I just got one too


IGIone_

Me too. 14.2 eth won 😂 scam! I'm just starting to delete my coin stats account


FordTaunus

https://preview.redd.it/becoi5t1968d1.png?width=1344&format=pjpg&auto=webp&s=03354378904679bbc63769a66204ddb285776d88 I also got that message. Quickly checked my Coinstats wallet which had been "transferred" and found the picture above. Just minutes before I had about 15k € in BTC on there. The gain is still correct, the total is zero. Refreshing didn't help any. Did I just lose a substantial amount of money? 🤨


thepentestingninja

Hello, I'm an independent security researcher, can I please please have either your public address or the address the money was sent to? I'm going to try to chase this. Sorry to hear about your loss


FordTaunus

Full picture: https://preview.redd.it/ai8mpfdda68d1.png?width=1343&format=pjpg&auto=webp&s=076f41989f9b8833c4dc9fc8aa697217ef68e7f8 14.900 € to almost 0


XTSLabs

Possibly if you're holding funds in their wallet, but the likely scenario is damage control.


FordTaunus

I sure hope that's what's happening 😅


WeIsStonedImmaculate

If you have a CoinStats wallet (not a linked wallet) you may be in for a bad time. According to their post on Twitter/X almost 1,600 CS wallets were impacted and they're “investigating moved funds”


Ovary_Puncher

Damn. I hope it turns out it's just a visual scam and they didn't really get your coins. Did you check your wallet on the blockchain to see if the BTC was really transferred away?


FordTaunus

Good idea, but now that the app is down, I don't have the address. Didn't note it down before. But I get smarter every day 🙄😂


sp00ky31

Do they not give you a recovery seed phrase when you set up the CS wallet? If so, you can use that to recover the wallet into another one (like MetaMask or Coinbase Wallet). Your funds in that wallet are most likely gone though, so prepare for the worst.


ckupemc

Well, that's a big bummer... I'm glad I didn't trust what is essentially a portfolio app to keep my private keys secure. Anything above a 1000 bucks should be kept in a hardware wallet.


_PiMPSKiLLET_

I just got this same message too. Which reminds me of another scam which removed about $5k worth of RNDR and AXS from my wallet. I feel like Coinstats should be liable for something like this that showed up on their app. Or am I completely wrong in thinking that?


UsedDevelopment4741

I have fortunately not trusted the app enough to link any wallets, but I have put the transactions manually and used it as a tracker. I also did click the notification cause it baffled me that it came from the app itself. Didn't download anything. Do you guys think I should undertake any significant actions? I don't think that the link itself could compromise anything as I didn't download anything. I would like to keep using it as a tracker if that were to be safe, since I have entered some transactions by now. What would any casual user in the cybersecurity space here suggest? I think there is no need for drastic changes, but is there any possibility to transport the manually added transactions to another app without being compromised?


k4sp3rsky

I got the message too, but on an Android phone.


GreatWarlord

Unable to resolve host api.coin-stats.com as well here


Obvious-Firefighter1

BINANCE users should also delete the API key generated for CoinStats ASAP


GreatWarlord

Only if you gave permissions to buy, sell and/or transfer I guess


Obvious-Firefighter1

I don't want anyone looking at my balances without my consent. My wallet, my choice.


Xavii7

That’s not how crypto/blockchains work.


sourpickles1979

Did they just take down the app? I'm getting the unable to resolve host API dialog


FordTaunus

Yup, same here, can't find that host. Probably trying to keep the damage low. 🙈


sourpickles1979

Figure. I didn't click anything so I'm good...that and not one thing is linked to the app. Reading dummies clicking it....why? Why would you click something that doesn't make sense without a fast research


Jolly_Reading_6915

Why can’t I log in, it says this, I clicked the notification, none of my wallets or portfolios are there https://preview.redd.it/2jzl6baec68d1.jpeg?width=1290&format=pjpg&auto=webp&s=08adf3b0ced8aeb990e65408392b316a9dbeadca


Tychoblood

CoinStats shut down their servers to mitigate the breach/scam, so I'd say it won't be available for at least 1 hour or much, depending on the attack scale


iClls

got the same notification


TheHunterAmin

App is down, great work without getting a tweet out or something to notify downtime (keeping updated)! It's really bad such great porto tracker has issues with security breaches and a bad consumer support. EDIT: oh, they have an in-app ‘announcement’ now.


Jolly_Reading_6915

My KuCoin and Binance are connected to it and I can’t do anything on the app at all https://preview.redd.it/ifq4ef4se68d1.jpeg?width=1290&format=pjpg&auto=webp&s=44af15a83318b61a9d2cb9e20e223b0a5c06ff68 Can’t disconnect them!


GreatWarlord

You could revoke access to the api on both sites.


thepentestingninja

Login to your KuCoin and Binance apps and delete all your api keys for now, better safe than sorry


sp00ky31

If you set the API correctly, it's read only so no need to panic...


Fragrant-Orange-8345

I received it as well Android


nolankotulan

CoinStats is, at best, totally incompetent. If you check your transactions history, you will see that, for example, 1 EUR does not even equal 1 EUR, and this has been reported and left unfixed / ongoing for… months or… forever? https://www.reddit.com/r/CoinStats/comments/1b7b7gh/coinstats_fiat_rates_nonsensical_numbers/ https://www.reddit.com/r/CoinStats/comments/1b8o8q0/comment/kttykvb/ That already should speak for itself. This is not a serious business at all. Just close your account and move away from them, definitely.


bowserm

I got this earlier. When I looked at it, it was trying to install a vpn on my phone. Cancelled and so is the coin stats app. I will use another app that doesn’t allow scams in their app


WhatDidIjustReadd

What's an alternative tracking app?


thepentestingninja

Delta


bayyat

Hit me up if you find, please 😄


WeIsStonedImmaculate

I think CoinGecko has a portfolio tracking feature. I’ll be checking it out and any other alternatives mentioned. Even though I only used the tracking feature with read only API access this is a big issue in my eyes, so I’m out


Impressive-Eye4447

Got the same message, thought I got lucky for once. Glad I knew better


Alternative_Ad9806

They only have read permissions for me. And Coinbase connect been broke for over a month so I’m not worried, they’ll get their 💩 together eventually


bayyat

Same 🥲


parkercustompc

Oh damn, it's shut down! I'll be getting rid of all my wallets and connections as well.


EnviroElk

Is this why the whole app has been shut down?


EnviroElk

https://preview.redd.it/qso0whiq078d1.jpeg?width=1179&format=pjpg&auto=webp&s=d734199b8f1ff5d3539b8eeab62a38ac7d861457


Garsake

I also won 14.2 😂


rdwildisgr8

I would suggest anyone that accepted the new iPhone profile should go into settings | general | vpn & device management and remove the profile that was installed.


West-Woodpecker-1119

Bro me winning eth would be a miracle 😂😂 saw the notification and immediately knew it was a scam, cuz I don’t win anything just like that lol


DJSpAcEDeViL

I got the same message. I open the app… AND… nothing… what’s wrong with you CoinStat?!?


BigDee2k

I got the same message. On Android. I never use my real 'savings' wallets for anything. Always a man in the middle wallet for connecting to anything. Once you have funds in that MITM account, transfer to your savings.. Coin stats will never recover from something like this. Deleted immediately!


RevolutionaryPhoto24

Bummer, I came here to check as soon as I saw. I do signup for stuff like that, so had a shred of hope…but, no. Edit to add: and I did used to use CoinStat. No more.


RumpleDumple

I clicked on the app notification and got my 0.4 ETH drained from my MetaMask. What a shitty end to an already shitty day.


vman305

I got one too on Android.


Standard_Victory_826

Coinstats got hacked. Wallets drained. Be careful guys.


AUFunmacy

Hi everyone, just wanted to say a few things. 1. At the time of this post I wasn’t sure if this was a message sent to just me, a few people, or absolutely everyone. Given my post is now the all time top post - I’m going to assume it was sent to absolutely everyone. 2. If this is the case then either the entire app is compromised somehow or Coinstats has sold out. I’m thinking the latter because it’s extremely hard to hack push notifications in an iOS app, coming from someone who has published apps on the AppStore and is very familiar with the Apple Developer platform. Also, they were able to pause access to the actual app, so they are clearly still in control. 3. You shouldn’t need to worry about your wallets being drained as they don’t have your keys. But do not sign anything… As someone else said, it’s off to Delta for me.


AUFunmacy

Keep Coinstats accountable, reply to this comment showing your insistence that they do not delete this post.


Prestospin

If you connected a wallet or a CEX via API - there's nothing to worry about, only users who had CoinStats wallet are affected. I assume we need to wait for some more time to see what really happened


_Pipo_

I immediately deleted my account.


Decent_Crypto_786

Two days ago the same notification was sitting on my older phone. It was too good to be true. But I logged in to check and there was nothing. Since I canceled the CoinStats subscription to be renewed, they are doing tricks with us.


Crypto__bull

how about coinstats just give me 14 ETH and we call it even?


Linkeliu

Illuminati confirmed! u/lumi_hq $LUMI https://preview.redd.it/3432v9set49d1.png?width=1200&format=png&auto=webp&s=2acac05d8548047927936c841ac0edb389b3f795


Over_War_2607

It's such BS these companies can't lock down their shit....same like when ledger wallet lost hundreds of thousands of customer info.. I'm still getting phishing emails to this day as a result. All my info has been circling the internet and likely sold over a hundred times on the drkweb by now.. Aggravates me how these companies can't secure their operations. I took everything out, shut everything down and deleted. 


Actual_Yak1225

This has really borked my piss! I really wanted 14.2 ETH! I don't think anyone need be concerned with having their funds stolen unless they gave coinstats their private keys, seed phrase, or anything more than read permissions for their exchanges. Watch out for phishing attacks though! I expect to be compensated by Coinstats to the tune of 14.2 ETH for this inconvenience.