2 months ago
The crypto payments level UPCX temporarily halted deposits and withdrawals pursuing a information breach that whitethorn person led to the nonaccomplishment of astir $70 cardinal successful integer assets.
On April 1, the level revealed it had detected unauthorized entree to a absorption account. In response, UPCX instantly suspended each idiosyncratic transactions arsenic a precaution portion launching an interior investigation. The squad assured users that their funds stay unafraid and untouched.
Security experts astatine Cyvers flagged the contented aft identifying aggregate suspicious transactions connected to the platform.
According to the firm’s analysis, the attacker gained entree to a cardinal administrative wallet, modified its astute declaration permissions, and triggered a relation that allowed them to determination 18.4 cardinal UPC tokens, valued astatine astir $70 million.
Cyvers said the stolen funds are inactive successful a azygous wallet, and nary further attempts to person oregon transportation the assets person been observed arsenic of property time.
Cyvers CTO Meir Dolev explained to CryptoSlate that the onslaught mirrors the astir important exploits successful the past twelvemonth that stemmed from compromised credentials oregon mediocre entree control. These issues accounted for implicit 80% of stolen funds crossed the Web3 abstraction past year.
Dolev said:
“This incidental mirrors onslaught patterns we’ve documented successful anterior exploits, wherever entree to captious administrative roles enabled malicious upgrades and money drainage. It underscores the urgent request for enhanced information astir wallet permissions, multisig implementations, and runtime transaction validation.”
Q1 hacks
The UPCX incidental is the archetypal important hack successful the 2nd quarter, adding to a increasing database of attacks this year.
According to data from PeckShield, implicit $1.63 cardinal was stolen crossed much than 60 crypto exploits successful the archetypal quarter. This fig marks a 131% summation compared to the archetypal 4th of 2024, erstwhile losses totaled $706 million.
The astir damaging attacks during the archetypal 4th were a $1.46 cardinal exploit targeting Bybit and a $69.1 cardinal breach astatine Phemex. Combined, the 2 accounted for 94% of the full losses.
Meanwhile, March unsocial saw 20 abstracted hacks totaling implicit $33 cardinal successful damages. The largest was a $13 cardinal theft from DeFi protocol Abracadabra.money, followed by an $8.4 cardinal exploit astatine Zoth, a real-world plus staking platform.
The station UPCX halts transactions aft $70 cardinal hack exposes vulnerabilities appeared archetypal connected CryptoSlate.
English (US) 