ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Prince Group is laundering 10.7 billion NT dollars in Taiwan! Developing their own "OJBK Wallet" to connect with underground currency exchanges.
The Taipei District Prosecutors Office is investigating the Cambodia "Prince Group" money laundering case, involving illegal proceeds of up to 10.7 billion. Sixty-two people, including Chen Zhi, have been indicted. The group was found to be using USDT and their self-developed "OJBK Wallet" for cross-border money laundering. Chen Zhi directed the establishment of companies in multiple countries, disguising criminal proceeds through false transaction contracts, and purchasing luxury homes and high-end cars. The prosecution is seeking a maximum sentence of 13 years for him.
区块客1h ago
New Coruna IOS Exploit Kit Raises Security Risks for Crypto Users
The newly identified "Coruna" exploit kit poses a serious threat to Apple devices, containing 23 sophisticated vulnerabilities that can compromise iPhones across multiple iOS versions. Researchers warn that these tools are circulating in cybercrime markets, emphasizing the need for regular software updates to enhance security.
TodayqNews1h ago
Hackers Steal $24M in Violent Crypto ‘Wrench Attack’
A cryptocurrency holder experienced a violent $24 million theft, termed a 'wrench attack,' where attackers used threats and weapons to coerce them into transferring funds. Blockchain analysts are tracking the stolen assets, which remain traceable as they are moved.
TheNewsCrypto2h ago
Suspected US government tool leak! Google reveals new type of cryptocurrency scam iPhone attack chain
Google Threat Intelligence Team Report Reveals New iPhone Exploit Kit Coruna Used in Large-Scale Cryptocurrency Scams. The toolkit uses JavaScript fingerprinting technology to identify iOS devices and steal crypto seed phrases and financial account information. All iPhone users are advised to update their systems immediately to prevent infection. The origin of Coruna is controversial, suspected to be linked to the U.S. government, but no definitive evidence has been provided.
MarketWhisper4h ago
Google Warning: Beware of Cryptocurrency Scams Using New iPhone Vulnerability Toolkits
Google Threat Intelligence Team reports the discovery of an iOS exploit kit called "Coruna," targeting iOS versions 13.0 to 17.2.1 on iPhones, capable of stealing encrypted wallet seed phrases. The kit contains multiple vulnerability chains and has been suspected of being used by Russian espionage groups to attack Ukrainian users. iPhone users are advised to update to the latest iOS version to enhance security.
GateNews4h ago
Cryptocurrency holder suffers $24 million violent robbery, offers a 10% bounty to recover stolen funds
A cryptocurrency holder reported being attacked on social media, losing approximately $24 million worth of crypto assets. The attacker used violence to threaten and force the transfer of funds. The incident has garnered widespread attention, and blockchain security companies are tracking the stolen funds. This event highlights the rising risk of physical attacks in the crypto space.
GateNews5h ago
