ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
A certain CEX participated in an international operation led by the UK’s NCA to crack down on authorized phishing scams
A certain CEX participated in an "Operation Atlantic" operation led by the U.K. National Crime Agency to crack down on crypto and investment scams, with a particular focus on authorized phishing schemes. The CEX provided on-site support, helped identify victims and malicious websites, and shared intelligence with law enforcement agencies, protecting thousands of potential victims.
GateNews17m ago
ZachXBT: Spartans co-founder is allegedly behind the Blockdag pre-sale scam, raising over $300 million
On-chain sleuth ZachXBT accuses Gurhan Kiziloz, the suspected co-founder of the casino platform Spartans, of spearheading the Blockdag Network project, allegedly luring retail investors into fundraising with false promotion of $300 million, and withdrawing the funds to the Middle East within two years. Gurhan is also suspected of lavish spending and using public relations to maintain his image.
GateNews29m ago
An American law firm launches a class-action lawsuit investigation into the Drift Protocol theft, questioning whether Circle failed to freeze funds
U.S. law firm Gibbs Mura initiates a class-action investigation into the Drift Protocol theft incident, involving an amount of approximately $280 million to $285 million. The law firm said that Circle did not freeze the stolen funds in a timely manner, and urged affected users to join the lawsuit to recover their losses.
GateNews1h ago
Aethir’s AethirOFTAdapter contract may have been attacked, with the stolen funds stored on the BSC chain
Gate News message: On April 9, PeckShield posted a notice warning that the AethirOFTAdapter contract of the Aethir project may have been attacked. The stolen funds are currently held in an address on the BSC chain. PeckShield has publicly reminded the official teams of AethirCloud and AethirEco to look into this matter, but the exact loss amount has not been disclosed yet.
GateNews2h ago
Crypto wallet Phantom crashes! During the token airdrop, prices got mixed up, sparking a wave of users seeking compensation claims
Phantom Wallet experienced a malfunction during the token airdrop, causing abnormal token prices and account balances to display. Although the assets were safe, users suffered transaction losses, which led to compensation demands and a trust crisis. The incident also heightened concerns about blockchain security, and some malicious actors may take advantage of the chaotic situation to launch phishing attacks. While the technical issue has been fixed, improvements are still needed for the user experience and system stability.
CryptoCity2h ago
ZachXBT: Bitcoin Depot was actually robbed of 54 BTC, and the discovery was 3 days later than the official disclosure
On-chain sleuth ZachXBT said the Bitcoin Depot hack resulted in an actual loss of 54 bitcoins, which is more than its official reported figure of 50.9 bitcoins. The hacker stole the funds on March 20 after compromising credentials, and Bitcoin Depot only discovered the loss three days later.
GateNews3h ago
