ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.