Zerion detected abnormal activity on app.zerion.io and pulled the web app offline. Blockaid has blocked the site. iOS, Android, and browser extensions remain fully safe.
Zerion flagged something unusual on its web app on April 11. The team moved fast. Within hours, app.zerion.io was offline.
The Web3 wallet platform confirmed the incident directly on X, urging users to stop using the web interface until further notice. “We’re investigating some abnormal activity on app.zerion.io,” Zerion wrote on X, adding that user funds remain safe inside self-custodial wallets. The team asked everyone to rely only on official communication from the account.
No details on the nature of the activity came immediately. The team did not confirm whether an exploit was involved or what triggered the alert.
Blockaid Steps In, Mobile Apps Stay Untouched
A second update followed. Zerion said it had proactively taken the web app down and that security firm @blockaid_ had also blocked the site as a precautionary step. “The iOS and Android Apps, Web Extension are SAFE and are not affected,” Zerion confirmed on X. The team said it is actively monitoring the situation.
The response puts Zerion among platforms that are choosing transparency and speed over waiting. This comes as crypto hacks dropped to $168 million in Q1 2026, down sharply from the year prior, though security incidents continue targeting web-based interfaces in particular.
Self-custodial architecture is the reason user funds are protected here. Because Zerion operates as a non-custodial wallet, the platform holds no private keys. Funds sit with the user. The web app going offline does not change that.
What Users Should Do Right Now
The advice from Zerion is clear. Avoid the web app entirely. Use the iOS app, the Android app, or the browser extension only. Do not interact with any links claiming to be app.zerion.io until the team confirms the platform is restored.
This pattern of a compromised frontend while underlying funds remain intact is not new. Just days ago, a fake trading firm compromised Drift Protocol through a sophisticated social engineering attack targeting the web interface and developer access. The nature of these incidents shows how web app layers often carry the most exposure in DeFi infrastructure.
Zerion said another update will come once the web app is restored. No timeline was given.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Polkadot Undergoes Bridge Exploit, Attacker Mints 1B $DOT on Ethereum
Polkadot faced a major security breach where an attacker minted 1B $DOT coins on Ethereum via a 3rd-party bridge, draining over $240,000 in $ETH. This incident highlights ongoing vulnerabilities in cross-chain infrastructure and its impact on market stability.
BlockChainReporter21m ago
Circle CEO: Due to the “moral dilemma,” the Drift hacker incident, which was not frozen, resulted in the theft of USDC
Circle CEO Jeremy Allaire addressed criticism at a news conference regarding the previously unfrozen stolen USDC, emphasizing that the company will only freeze wallets under law enforcement instructions. In addition, he said Circle is in communication with U.S. lawmakers, hoping to establish a “safe harbor” mechanism for stablecoin issuers.
GateNews1h ago
A woman in Hong Kong in her 50s was scammed through online romance, losing more than 2 million yuan; the scammer claimed to be a cryptocurrency investment expert.
Hong Kong police have disclosed a cryptocurrency investment scam in which a woman was tricked on Instagram, losing more than 2 million yuan. The fraudster posed as an investment expert, luring her into making transfers and exchanging cash multiple times. Police remind people to be more vigilant when making online friends and to watch out for transfer scams.
GateNews2h ago
Instagram crypto-romance scam: “investment experts” defrauded a woman in her fifty-something from NT$2 million (200萬)
Hong Kong police have recently disclosed an online dating scam in which the losses exceeded HK$2 million. The fraudster initiated contact on Instagram, built trust, and then lured the victim in the name of “cryptocurrency investment,” prompting them to exchange in seven installments for USDT and transfer the funds. Police reminded residents to recognize the hallmarks of scams and advised using anti-fraud tools, urging vigilance when engaging in online dating that involves any fund transfers.
MarketWhisper6h ago
Justin Sun Criticizes WLFI Token Over Transparency Concerns
Justin Sun has exposed that the World Liberty Finance project has backdoor functions in its smart contracts, allowing asset confiscation without notice. This violates decentralization principles, harming investor rights and undermining trust in the blockchain community.
BlockChainReporter6h ago
Ethereum Hyperbridge HandlerV1 contract was subjected to an MMR proof replay attack, resulting in a loss of approximately $242k
Hyperbridge HandlerV1 contract on Ethereum was hit by an MMR proof replay attack, resulting in a loss of about $242k. The attacker used the vulnerability to replay historical proofs to carry out privileged operations, and replay protection failed to effectively bind the request payload.
GateNews6h ago
