N
NewsMaker
Administrator
- USD
- $40,998,899
- Gold
- G4,000
Update April 1, 1:42 pm UTC: This article has been updated to add comments from Cyvers co-founder and chief technology officer Meir Dolev.
An unauthorized party withdrew about $70 million in digital assets from open-source payment platform UPCX, according to a security alert issued on April 1.
The blockchain security firm Cyvers flagged suspicious activity involving 18.4 million UPC tokens, estimating the value of the compromised funds at $70 million.
Cyvers said someone accessed a UPCX address and upgraded its ProxyAdmin contract. The attacker then executed a function that allows admins to withdraw, leading to fund transfers from three different management accounts.
At the time of writing, the stolen tokens had not been swapped for other crypto assets.
Cointelegraph contacted UPCX for comment but did not receive an immediate response.
UPC price dips by 7% amid unauthorized transfer
UPCX acknowledged it had detected βunauthorized activityβ involving its management accounts. The team suspended deposits and withdrawals for UPCX in response to the incident. It said user assets are unaffected by the issue and it is actively investigating the matter.
UPCβs token price dropped amid news of the incident. According to CoinGecko, UPCβs token prices dropped 7%, from a high of $4.06 to a low of $3.77 during the incident.
UPCX 24-hour price chart. Source: CoinGecko
Related: Hacker steals $8.4M from RWA restaking protocol Zoth
UPC hack mirrors previous attack patterns
In a statement, Cyvers co-founder and chief technology officer Meir Dolev told Cointelegraph that while the root cause of the attack remained under investigation, these types of incidents often stem from compromised credentials or flawed access control mechanisms.
Dolev told Cointelegraph that both of these vulnerabilities have been the predominant cause of Web3 losses in 2024. The executive said the same causes were responsible for over 80% of the stolen funds during the year.
The cybersecurity executive also said the attack pattern was similar to previous exploits. Dolev told Cointelegraph:
The executive added that the hack underscored an urgent need to enhance security around wallet permissions, multisignature implementations and runtime transaction validation.
The $70 million stolen in the incident would more than double the amount lost in the previous month. In March, crypto stolen from hacks only reached $33 million.
Magazine: Memecoins are ded β But Solana β100x betterβ despite revenue plunge
Actual Crypto Price of Cryptocurrency on the market now
Bitcoin/USD
Ethereum ETH
Litecoin LTC
Solana SOL
Tron TRX
Contacts for ads and profitable Investments
Click Here
Read more
