Audit log

Every state-changing event for CoinStats: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 03:59:57Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,643,187

   sig

   5Zzf6FSsocYT…YagfL9Zpcopyexplorer ↗

   hash

   5NMqca22rKwb…hAMvCFVhcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6906 B) ▸

   {"actor":"system:backfill","investigation_id":"de664b96-0a0a-4793-b5fe-64c80e308658","kind":"publish","page_slug":"coinstats","published_at":"2026-05-28T03:59:57.141Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"CoinStats","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://legelata.am/armenian-startup-coinstats-raised-3-2-million/","type":"other","url":""},{"credibility":3,"name":"https://tracxn.com/d/companies/coinstats/__neWRsQPS1LXU_Vdg5HVQS00dVtH9kGnfI-KWacM6xKU","type":"other","url":""},{"credibility":3,"name":"https://www.bleepingcomputer.com/news/cryptocurrency/coinstats-says-north-korean-hackers-breached-1-590-crypto-wallets/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinstats.app/blog/security-incident-report/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/coinstats-hack-social-engineering-attack","type":"other","url":""},{"credibility":3,"name":"https://www.bleepingcomputer.com/news/cryptocurrency/coinstats-says-north-korean-hackers-breached-1-590-crypto-wallets/","type":"other","url":""},{"credibility":3,"name":"https://www.securityweek.com/hackers-steal-over-2-million-in-cryptocurrency-from-coinstats-wallets/","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/coinstats-suspends-app-after-security-breach-compromises-1590-wallets/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/coinstats-security-breach-crypto-wallets-hacked/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.bitget.com/news/detail/12560604061545","type":"other","url":""},{"credibility":3,"name":"https://www.financemagnates.com/trending/coinstats-hack-the-2-million-crypto-heist-that-left-traders-reeling/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/square/post/2024-06-23-coinstats-app-attacked-hackers-steal-and-sell-mkr-tokens-9840683146137","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinstats.app/blog/security-incident-report/","type":"other","url":""},{"credibility":3,"name":"https://www.bleepingcomputer.com/news/cryptocurrency/coinstats-says-north-korean-hackers-breached-1-590-crypto-wallets/","type":"other","url":""},{"credibility":3,"name":"https://www.bitdefender.com/en-us/blog/hotforsecurity/coinstats-breach-state-sponsored-hackers-to-blame-for-stealing-funds-from-approx-1-600-user-accounts","type":"other","url":""},{"credibility":3,"name":"https://www.securityweek.com/hackers-steal-over-2-million-in-cryptocurrency-from-coinstats-wallets/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/coinstats-hack-1m-eth-transferred-tornado-cash","type":"other","url":""},{"credibility":3,"name":"https://secret3.com/news/hackers-launder-1m-in-ether-through-tornado-cash-after-coinstats-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinstats.app/blog/security-incident-report/","type":"other","url":""},{"credibility":3,"name":"https://www.bleepingcomputer.com/news/cryptocurrency/coinstats-says-north-korean-hackers-breached-1-590-crypto-wallets/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinstats.app/blog/security-incident-report/","type":"other","url":""},{"credibility":3,"name":"https://www.financemagnates.com/trending/coinstats-hack-the-2-million-crypto-heist-that-left-traders-reeling/","type":"other","url":""},{"credibility":3,"name":"http://help.coinstats.app/en/articles/6453281-protect-yourself-from-potential-scams","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"http://help.coinstats.app/en/articles/6453281-protect-yourself-from-potential-scams","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/products/coinstats/","type":"other","url":""},{"credibility":3,"name":"https://play.google.com/store/apps/details?id=com.coinstats.crypto.portfolio","type":"other","url":""}]}],"sources_used":[],"summary":"CoinStats is an Armenian-founded cryptocurrency portfolio tracking application with approximately 1.5 million users, founded in 2017 by Narek Gevorgyan. On June 22, 2024, the platform suffered a significant security breach in which 1,590 internally-hosted wallets were compromised and approximately $2.2 million in cryptocurrency was stolen, with attribution pointing to North Korea's Lazarus Group. The platform has since rebuilt its infrastructure and restored operations, but no confirmed compensation program for affected users has been publicly documented.","timeline":[{"date":"2017-01-01","event":"CoinStats founded in Yerevan, Armenia by Narek Gevorgyan as a personal crypto portfolio tracking tool.","source":""},{"date":"2021-01-01","event":"CoinStats reports 1.2 million monthly active users and sixfold revenue growth; raises $3.2 million in early funding.","source":""},{"date":"2024-06-22","event":"Security breach detected at approximately 18:00 UTC. Attackers gain access to AWS infrastructure and HashiCorp Vault via a socially engineered employee. 1,590 internal wallets compromised. Malicious push notification sent to iOS users directing them to a drainer site. Platform taken offline.","source":""},{"date":"2024-06-22","event":"Blurr.eth's wallet drained of 3,657 MKR tokens (~$8.7M). Hacker liquidates MKR on-chain, causing a 7% MKR price drop.","source":""},{"date":"2024-06-22","event":"CoinStats publicly discloses breach via X (Twitter) and urges users with internally-created wallets to transfer funds immediately.","source":""},{"date":"2024-06-24","event":"CoinStats partially restores platform operations with enhanced security measures.","source":""},{"date":"2024-06-25","event":"On-chain analysts observe approximately 211 ETH (~$1M) transferred from attacker wallets to Tornado Cash mixer.","source":""},{"date":"2024-07-03","event":"CoinStats announces full platform restoration; all functionalities operational.","source":""},{"date":"2024-07-12","event":"CoinStats publishes formal security incident report attributing attack to Lazarus Group or a related nation-state actor. Reports $2.2M in total losses across 1,590 wallets. Announces victim registration form with August 15 deadline for compensation eligibility consideration.","source":""},{"date":"2024-08-15","event":"Deadline for affected users to submit information to CoinStats for potential future compensation consideration.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 473c13d2-bb51-4e76-8af4-adb939a9e59fcopy