ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
ResolvLabs Stablecoin USR Suspected Vulnerability, Sharp Plunge of 74.2% to $0.257
Gate News reports that on March 22, according to on-chain analysts' monitoring, ResolvLabs stablecoin USR allegedly experienced a vulnerability. A certain address minted 50 million USR tokens using 100,000 USDC, causing USR to plummet to $0.257 in the short term, representing a decline of 74.2%. Subsequently, the price recovered somewhat and is currently trading at $0.7847. As of press time, the ResolvLabs team has not yet responded to this incident.
GateNews1h ago
FBI Issues Warning as Fake Tron Token Targets Crypto Wallets With Urgent Scam
Crypto scammers are increasingly exploiting trusted institutions like the FBI to deceive users, using fake Tron-based tokens and urgent messaging to steal sensitive data while losses across digital asset fraud surge into the billions.
FBI Issues Warning Raising Alarm Over Expanding Crypto Scam
Coinpedia1h ago
66-Year-Old Hong Kong Man Loses $840,000 in Retirement Savings in Three "Crypto Expert" Scams
A 66-year-old retiree in Hong Kong lost HK$6.6 million (approximately US$840,000) in a series of crypto investment scams after trusting self-proclaimed "crypto experts" via WhatsApp. Despite reporting the incidents, the victim fell prey to multiple fraudsters promising secure returns.
TapChiBitcoin2h ago
Venus Attacker Converts BNB and Other Assets to ETH, Invested $9.92 Million Only Recovered $5 Million
On March 22, on-chain analyst Remainder monitored that the Venus attacker converted all previously extracted BNB, BTC, and CAKE into ETH and bridged it to the Ethereum network, valued at approximately $4.72 million. Currently, the attacker has recovered assets worth approximately $5 million, but whether they conducted long/short operations on trading platforms remains unconfirmed.
GateNews2h ago
Wallet Draining Scam Targets Openclaw Community With Fake Airdrop
A phishing campaign on Github is targeting Openclaw developers, tricking them into connecting crypto wallets through fake token offers. Users are warned to avoid such sites to protect their funds.
Coinpedia8h ago
iPhone Explodes with Critical Vulnerability "DarkSword": Hackers Can Steal Crypto Wallets and Private Keys, Crypto Users Become New Targets
Google's latest disclosure of the DarkSword iOS attack chain exploits multiple zero-day vulnerabilities, threatening the asset security of cryptocurrency users. This attack tool has been widely used by commercial spyware and nation-state hackers, capable of completely controlling iPhones and accessing crypto wallets and sensitive data. Research shows that up to 2.7 billion iPhone devices are affected, with risks particularly severe for users accustomed to using Web3. Although Apple has patched the vulnerabilities, the attack techniques remain replicable, and potential threats persist.
ChainNewsAbmedia13h ago
