TechFlow reported on February 19 that, according to an official report from the Layer 2 network Abstract, its ecosystem application Cardex suffered a security vulnerability attack. The incident occurred when the Cardex team accidentally exposed the private key of the session signer in the frontend of its website after completing an initial security audit. This vulnerability allowed attackers to initiate transactions from any wallet with authorized session keys, resulting in approximately $400,000 worth of token losses.
Abstract stated that this vulnerability was limited to the third-party application Cardex and did not affect the Abstract Global Wallet (AGW) or the Abstract network itself. The team advised users to regularly revoke authorizations for applications and tokens in their wallets to mitigate potential risks.
Earlier reports indicated that some Abstract Chain users were attacked, with the team suggesting the issue may have originated from the Cardex application.




