Multiple users have been compromised on Abstract Chain, an EVM-compatible L2 solution, though the issue was limited to specific wallets. Abstract Chain says its platform remains secure, and no network-wide issue has been noticed.
Abstract Chain users with exposure to the Cardex app may be individually affected, as noticed by on-chain investigators.
The Abstract Chain team confirmed that the network is secure and that no attacks occurred on any wallets. The team tracked the problem to a specific app.
We are aware of some Abstract users being compromised and want to assure everyone it is not a network wide Abstract Global Wallet (AGW) issue.
This issue seems to be isolated to an app (seems to be Cardex, please do not interact for the time being), we are working to get to the…
— 0xBeans (@0x_Beans) February 18, 2025
They did not announce the amount of drained funds and aim to keep the vulnerability a secret to prevent further losses.
Cardex went live on the Abstract Chain after February 12 and has already run into the first problem of the partnership. Cardex is a collectible and gaming app, currently running an active tournament, which may have exposed more wallets. Amid the chaos, users have suggested activating 2FA for all Abstract Chain accounts.
Some Abstract users noted all types of wallets were drained, not only those that engaged with Cardex. Web3 investigators also identified the attack as a ‘first session key hack’. A malicious session that connected the wallet to an app gave the exploiter access to all wallets for a month.
Currently investigating the "first session keys hack" on @AbstractChain. Sent relevant info to the team!
This malicious SC:
0xee580828b426b6cc33817bCE419DaF65a516aA7e got users rights from a session keys signature giving full rights on wallet for approx 1 month. It's a big one :/
— RpGmAx (@RpGmAx) February 18, 2025
After the recent hack, on-chain investigators advised users to disconnect from all apps, especially Cardex. Users are urged to move their funds from the wallets, and remove all permissions for Cardex.
An ongoing investigation found the address that is accumulating funds from compromised wallets. Less than two hours after the hack, the amount was relatively minor: $24,520, mostly in Ethereum (ETH), with no other coins or tokens affected.
Additionally, the malicious wallets may hold up to 50 ETH, with wallet draining still ongoing. When a wallet has been compromised, it checks for sufficient gas. However, because it has given permission to the malicious session contract, it will send the funds to the address of the exploiter.
There are also rumors that even wallets with 2FA activated can be drained, as they have given permission to the contract.
The final balance in the exploiter’s wallet is unclear, as some data points to as much as $81,000 drained. The funds were apparently moved, though no outgoing transaction was found.
On-chain data showed over 7,000 incoming transactions sent to the hacker’s wallet. This level of activity points to the possible number of affected wallets. Most of the transactions are for minimal amounts of ETH, as the wallets are used for small-scale on-chain usage and fun apps.
Abstract wallets, which offered a login similar to regular web services, were seen as one of the answers to wider Web3 adoption.
The Abstract Chain wallet hack revealed those tools are not entirely suited for users with no blockchain experience. App connections are still risky, as any contract in the ecosystem can be compromised.
Currently, the only known safeguard is to revoke permissions for all apps and move the funds to a safe wallet if possible. The attack also showed signs of stopping after a total of 17,304 incoming transactions exhausted the pool of vulnerable wallets.
The amount of funds drained reached $31,570. Other estimates saw the funds flow out of the hacker’s wallet and pinned the losses at over $100,000 since the start of the exploit. Estimates vary wildly, with some on-chain explorers noticing up to 300 ETH drained.
Abstract Chain allows users to create sessions for apps, which may expose their addresses. The chain remained highly popular, as it is linked to the Pudgy Penguins community. However, user sessions and app permissions may remain an ongoing weakness that can be used to compromise wallets.