
Abstract Reveals Cardex Hack Losses
The developer of the Ethereum-based L2 platform Abstract, known by the pseudonym Cygaar, disclosed that a vulnerability in the blockchain game application Cardex led to the theft of Ethereum worth $400,000 from 9,000 wallets.
Hackers attacked the project on February 18.
The programmer described the incident as a “session hijacking,” which allowed the perpetrators to access Cardex users’ addresses.
According to Cygaar’s report, hackers gained access to a session registration wallet shared by all Cardex users, facilitated by a key leak in the platform’s external code. This enabled control over players’ addresses and transactions with their assets.
The hack did not affect ERC-20 tokens, NFTs, or the main Abstract Global Wallet. The issue is solely related to the Cardex team’s management of session keys—temporary data that provides limited access to wallet functionality.
An Abstract representative advised users to cease interactions with the application and revoke active sessions to mitigate risks. It is expected that all projects using session keys on the Abstract portal will undergo an audit.
Earlier in February, the zkLend protocol lost approximately 3,666 ETH due to a hack. The project team proposed that the perpetrator return 90% of the stolen funds and keep the remaining 10% as a reward.