TechFlow News: On February 27, GoPlus monitoring detected a supply-chain attack against Holdstation, an account abstraction solution. Attackers stole developers’ session tokens, bypassed two-factor authentication, and injected malicious code into application updates—resulting in the theft of user funds. This incident caused total losses amounting to $462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged full compensation for affected users, and is collaborating with security teams to investigate the incident. Additionally, they have posted on-chain messages urging the attacker to return the stolen funds via a bug bounty program.
Add to Favorites
Share to Social Media
