ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Anthropic AI programming tool Claude Code's npm package leaked full source code
The blockchain security company Fuzzland’s research shows that the npm package of Anthropic’s AI programming tool Claude Code contains complete source map files, leaking the code of 1,906 source files. Although similar files were previously removed, the new version still contains this issue, exposing internal architecture and security mechanisms. यह leak does not involve user data, but it affects security.
GateNews25m ago
Quantum threats arrive early? Google simulates a “9-minute crypto hijacking” scenario, with 6.9 million BTC facing a crisis
Google’s quantum AI team research indicates that the quantum computing power needed to break Bitcoin is far lower than expected, possibly less than 500,000 qubits. Research simulations show that hackers can intercept ongoing Bitcoin transactions within 9 minutes, and that about one-third of Bitcoin is stored in wallets that have already been exposed, increasing the risk of quantum attacks. While Bitcoin’s Taproot upgrade strengthens privacy, it also exposes public keys, increasing asset risk.
区块客1h ago
U.S. Charges Suspect in $54M Uranium Finance Exploit as DeFi Crackdown Intensifies
A Maryland man has been charged with exploiting vulnerabilities at Uranium Finance, resulting in a $54 million loss. Prosecutors allege he hacked the platform, laundered the funds through high-value collectibles, and could face decades in prison.
LiveBTCNews1h ago
Steakhouse Financial’s front-end system was hacked; users should be alert for phishing risks
DeFi risk management platform Steakhouse Financial was recently hacked, and its frontend system was used for phishing, but user funds were not affected. The attack stemmed from social engineering targeting the server provider, and Steakhouse will roll back the malicious changes and publish an incident report. Experts advise users to improve their security awareness and watch out for phishing risks.
GateNews1h ago
Archblock files for bankruptcy, alleging related-party transactions involving Justin Sun and fraud in Eastern Europe
Crypto firms Archblock, TrustToken, and TrueCoin have filed for bankruptcy due to financial devastation after Techteryx failed to pay invoices and was defrauded by an Eastern European criminal group. The company has also been involved in multiple legal disputes, facing tax issues and high-risk investment losses, highlighting potential risks in the stablecoin industry.
GateNews2h ago
