On February 26, 2026 – The Vietnam-based DeFAI Holdstation smart wallet project (built on Worldcoin and BNB Chain) confirmed it was a victim of a serious supply chain attack in the early morning of February 25, 2026. The total loss recorded is 462,000 USDT.
This is the project’s second security incident in 2026, after losing approximately $100,000 in January.
Supply Chain Attack: Not Targeting Smart Contracts but Infrastructure
According to official statements, the hacker did not directly breach user wallets or smart contracts. Holdstation and the auditing firm Verichains confirmed that the smart contracts remain secure.
Instead, the attacker targeted the application distribution infrastructure – the platform that provides updates to users.
Specifically, the hacker:
After gaining control of the infrastructure, the attacker modified the JavaScript files in the official app version, inserting malicious code as a backdoor. Users updating the app inadvertently installed the infected version.
“Silent” Withdrawal Mechanism
The malicious code is designed to activate immediately after installation:
As a result, many wallets were drained within the first few minutes after the malicious update was released.
Holdstation’s Emergency Response Within 30 Minutes
According to the timeline released (UTC+7):
Subsequently, Holdstation coordinated with Verichains to analyze on-chain data and gather evidence for the investigation.
The current confirmed total loss is 462,000 USDT.
100% Refund Commitment to Users
Holdstation commits to fully reimburse affected assets. Users are required to fill out the official form at:
https://forms.gle/9FriUzFWHx6ZPXCS7
The team will verify on-chain ownership and authenticate wallets before issuing refunds. The project emphasizes that no seed phrase, private key, or any fees are required during the reimbursement process.
Security Lessons for the Industry
The incident shows that even if smart contracts are secure, vulnerabilities in the software distribution infrastructure can cause significant losses. This type of attack is a supply chain attack – where hackers infiltrate the “entry point” of the product rather than attacking users directly.
Holdstation stated it is upgrading its entire release process, including:
This incident has attracted significant attention from the Vietnamese crypto community, as Holdstation is one of the DeFi wallet projects based in Ho Chi Minh City.
The project promises to continue updating the investigation progress in the coming days.
Vương Tiễn
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Galaxy: Quantum Computing Poses Real Threat to Bitcoin but Not Urgent Crisis, Approximately 7 Million BTC in Long-Term Exposure State
Galaxy Digital's head of research Alex Thorn points out that quantum computing poses a threat to Bitcoin, but the threat is not urgent and investors need not panic. Approximately 7 million BTC are at long-term risk, but current quantum computing capabilities cannot break the encryption, and developers have already proposed multiple solutions to address the issue.
GateNews46m ago
FBI Director Admits Spending Money to Buy "Location Data" to Track American Citizens! Blasted for Trampling Fourth Amendment
FBI Director Kash Patel admitted during Senate testimony that the FBI has tracked U.S. citizens by purchasing location data without court search warrants, sparking strong criticism from Senator Ron Wyden, who argued the practice violates the Fourth Amendment and called for legislative reform to restrict such conduct. This finding reveals that the government's use of commercial data poses widespread surveillance risks.
動區BlockTempo58m ago
Husband accuses wife of stealing over 2,000 bitcoins! Judge: The plaintiff has a very high chance of winning.
The UK High Court is hearing a Bitcoin theft case in which the plaintiff accuses his wife of stealing 2,323 bitcoins and covertly recording the seed phrase through surveillance equipment. The court found the evidence disadvantageous to the defendant, including recordings and seized devices. While some claims were dismissed, the plaintiff has a very high probability of success, and the court will maintain the asset freeze order.
区块客59m ago
UK Man Accuses Ex-Wife of Stealing 2323 BTC After Divorce, Worth Approximately $238 Million
Gate News reported that on March 19, a man accused his ex-wife of stealing over 2323 bitcoins from his wallet after their divorce and transferring them to a place he cannot access, with the assets involved valued at up to 180 million pounds (approximately 238 million US dollars). Plaintiff Ping Fai Yuen has filed a lawsuit against his ex-wife Fun Yung Li at the London court over this matter. According to London court ruling documents published on March 10, since the litigation was initiated, the bitcoins involved in the case have been valued at up to 180 million pounds.
GateNews1h ago
Israeli Journalist Receives Death Threats After Reporting, Are Polymarket "Bettors" Becoming Fanatics?
Israeli *Times of Israel* military reporter Emanuel Fabian recently disclosed that after reporting on an Iranian ballistic missile that struck an empty field in Beit Shemesh, a suburb of Jerusalem, he faced sustained harassment from bettors associated with Polymarket, including receiving death threats.
This incident is particularly striking not only because it involves frontline war reporting and a prediction market with a funding pool exceeding $14 million, but also because it reveals an increasingly acute question: when market participants' profits begin to depend on media narratives, public information, and even violent events themselves, is the prediction market truly "price discovery," or is it creating dangerous incentives for the real world?
Why did a frontline report trigger a mob of bettors?
"That day, I reported on the *Times of Israel*'s live blog that the missile struck an empty field, with no
区块客2h ago
Hackers Attack US Company P3 Global Intel, Steal Millions of Confidential Police Report Data
Gate News: On March 19th, hackers claimed to have breached U.S. company P3 Global Intel and stolen millions of confidential police report records. According to the hackers' disclosure, they used social engineering tactics to take over a customer account at P3 Global Intel, and subsequently exploited system vulnerabilities to access large amounts of data. P3 Global Intel is a company that provides anonymous reporting services to law enforcement agencies, and this data breach involves a significant amount of sensitive information.
GateNews2h ago
