ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Resolv: Strongly recommend not to trade or acquire USR at this time.
Resolv Labs strongly advises against trading or acquiring USR, as illegally minted USR has been mixed with legitimate USR, posing trading risks. An recovery plan for affected holders is currently under evaluation, but the effectiveness of any remedial measures cannot be guaranteed. Continuing to trade may complicate the asset recovery process.
BlockBeatNews2h ago
A CEX platform requires users to input their plaintext seed phrase on a specific page.
Gate News reports that on March 26, Co-founder Yu Xian of SlowMist stated that a certain CEX has taken down the page that required users to input their plaintext seed phrases. He pointed out that the security model for online web pages is very weak, much lower than that of extensions and apps; collecting plaintext seed phrases through online web pages is easy for phishing sites to imitate and has long been a common phishing tactic.
GateNews3h ago
Moonwell suffers governance attack; attacker attempts to control over $1 million in funds with $1,800.
DeFi lending protocol Moonwell has experienced a governance attack. The attacker purchased approximately 40 million MFAM tokens for $1,800 and attempted to transfer admin rights of core contracts such as the lending market through a proposal to extract user funds. Voting is currently underway, with opposition votes leading, but the outcome has not yet been decided.
BlockBeatNews4h ago
Moonwell suffers governance attack, with attackers spending $1,800 to push malicious proposals, risking $1.08 million in funds.
On March 26, DeFi lending protocol Moonwell was subjected to a governance attack. The attacker used about $1,800 to purchase 40 million MFAM tokens and pushed a malicious proposal, putting over $1 million of user funds at risk. The proposal transferred control to the attacker's contract, affecting multiple lending markets.
GateNews4h ago
U.S. Indicts Chinese Firms in Fentanyl Case Involving Crypto Payment Networks
U.S. prosecutors have indicted Chinese companies and nationals for supplying fentanyl precursors and facilitating payments via cryptocurrency. The case, linked to global networks and targeting international smuggling, highlights the role of stablecoin flows in the drug trade.
LiveBTCNews4h ago
Hong Kong police announce progress in JPEX scam case: 80 people arrested, assets frozen worth approximately HKD 228 million
Hong Kong police are investigating the JPEX virtual asset trading platform scam. Since September 2023, they have arrested 80 people, frozen assets worth approximately HKD 228 million, and over 2,700 victims are involved with a total amount of HKD 1.6 billion. Authorities are searching for the mastermind and accomplices.
BlockBeatNews6h ago
