Abstract Reports $400,000 Loss Due to Cardex Security Breach
Abstract, a Layer 2 blockchain, experienced a security breach affecting over 9,000 wallets, leading to losses of $400,000. The attack targeted users of Cardex, a game on the Abstract Network, through a session key hack.
Details of the Incident
- Compromised session signer wallet exposed all Cardex users due to a leaked key in frontend code.
- Unauthorized transactions were made using weak session keys.
- Stolen assets included Ethereum worth $400,000; ERC20 tokens and NFTs remained unaffected.
- Abstract clarified that the breach was not related to its Abstract Global Wallet or affiliated entities.
- Users were advised to stop interacting with Cardex until a full security review is completed.
- Active sessions should be revoked to mitigate further risks.
- All projects using session keys will undergo security audits to prevent future issues.
Broader Security Challenges in Crypto
- In January, hackers stole nearly $80 million across the crypto industry, including a $69.1 million breach of Phemex.
- 2024 reports indicate $3.6 billion lost to scams and cyber attacks due to unauthorized access to wallets.
- Past incidents include dYdX's system flaw and a $600 million loss from the Ronin Network hack.
- DApps on platforms like Solana and Tron are also vulnerable, highlighting the need for improved Web3 security practices.