Update April 1, 1:42 PM UTC: This article has been updated to add comments from Cyvers co-founder and Chief Technology Officer Meir Dovev.
An unauthorized party retreated nearly $ 70 million in digital assets from the UPCX’s open-source payment platform, according to a security alert released on April 1.
The blockchain security firm cyvers That -flag The weakening activity involving 18.4 million UPC tokens, estimated the value of compromised funds to $ 70 million.
Cyvers said someone was accessing an UPCX address and that the proxyadmin contract was upgraded. The attack then performs a function that gives the admins backwards, leading to fund transfers from three different management accounts.
At the time of writing, stolen tokens were not replaced for other crypto ownership.
Cointelegraph contacted the UPCX for the comment but did not receive an immediate response.
UPC price sank 7% following unauthorized transition
UPCX has recognized that it saw the “unauthorized activity” involving its management accounts. The team suspended Deposits and backwards for UPCX in response to the incident. It said user assets were not affected by the issue and actively investigated this matter.
UPC’s token price dropped amid news of the incident. According to Coingecko, UPC token prices dropped 7%, from a high $ 4.06 to low $ 3.77 during the incident.
UPCX 24 hours price chart. Source: Coingecko
Related: Hacker steals $ 8.4m from RWA Restaking Protocol Zoth
UPC hack mirrors past attack patterns
In a statement, Cyvers co-founder and technology official Meir Dovev said to cointelegraph that while the root cause of the attack remained under investigation, these types of incidents often came from compromised credentials or access-access control mechanisms.
Dolev told Cointelegraph that both of these weaknesses were the main cause of web3 losses in 2024. The executive said the same causes were responsible for more than 80% of stolen funds during the year.
The cybersecurity executive also said the attack pattern was similar to previous exploitation. Dolev said to cointelegraph:
“This incident reflects the attack patterns that we have documented in previous exploits, where accessing the critical acts of administratives activate malicious upgrades and funding funds.”
The Executive added that the hack emphasized an urgent need to enhance security around purse permissions, multisignature implementation and transaction runime validation.
The $ 70 million stolen in the incident is more than double the amount lost in the last month. In March, crypto was stolen from hacks only reached $ 33 million.
https://www.youtube.com/watch?v=ndv0rFehetq
Magazine: Memecoins are ded – but solana ‘100x better’ in spite of income plunge
