Abstract Reports $400,000 Drain from Cardex Wallets

Key Notes:

- Abstract is next in line to suffer a session key hack exploit.
- The attackers leveraged a loophole in the Cardex Wallet to drain $400,000.
- Web3 protocols are still a major target of hackers with more protocols involved.

Abstract, a Layer 2 blockchain, recently reported a security breach that resulted in major financial losses on its network. The report shared on X revealed that the exploit affected over 9,000 wallets.

The victims were users of Cardex, a blockchain game on the Abstract Network. The attack, identified as a session key hack, caused a loss of $400,000 in user funds.

According to Cygaar, a contributor at Abstract, the breach resulted from a compromised session signer wallet. All Cardex users shared this wallet and became exposed due to a leaked key in Cardex’s frontend code.

Session keys are designed to let third-party apps use certain wallet functions quickly, making things easier for users. However, Cardex was careless with these keys. The hacker took control of the weak keys and made unauthorized transactions on behalf of users.
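A release check for the failure described above, a signer key shipped inside frontend code. This is an added example, not code from Cardex or Abstract; the function names, the `sessionSignerPrivateKey` field and the sample bundle are constructed for illustration.

```javascript
// Added example: scan built frontend assets for literals shaped like EVM private keys.
// A 32-byte hex literal may also be a hash or bytes32 constant, so hits are ranked
// by the identifier text that precedes them.
const HEX32 = /(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{64})(?![0-9a-fA-F])/g;
const KEY_CONTEXT = /private|secret|signer|session[_-]?key|mnemonic/i;

function scanBundle(file, source) {
  const findings = [];
  for (const m of source.matchAll(HEX32)) {
    const hex = m[1].toLowerCase();
    // Zero padding and repeated-nibble constants are not key material.
    if (new Set(hex).size < 8) continue;
    // Context window: the 60 characters before the literal (usually its name).
    const before = source.slice(Math.max(0, m.index - 60), m.index);
    findings.push({
      file,
      line: source.slice(0, m.index).split("\n").length,
      offset: m.index, // minified bundles are often a single line
      severity: KEY_CONTEXT.test(before) ? "high" : "review",
      preview: hex.slice(0, 6) + "...(redacted)", // never log the full value
    });
  }
  return findings;
}

// CI gate: any "high" finding should fail the release.
function shouldBlockRelease(findings) {
  return findings.some((f) => f.severity === "high");
}

// Constructed sample bundle; every value below is made up for this example.
const SAMPLE_BUNDLE = [
  'const cfg={sessionSignerPrivateKey:"0x' + "3fa9c1d27be4860f5a1c9e72d04b8a6e".repeat(2) + '"};',
  'const ZERO="0x' + "0".repeat(64) + '";',                        // padding: skipped
  'const codeHash="0x' + "b1946ac92492d2347c6235b4d2611184".repeat(2) + '";', // review
  'const token="0x' + "9d7e4b2c".repeat(5) + '";',                 // 20-byte address: no match
].join("\n");

const sampleFindings = scanBundle("app.bundle.js", SAMPLE_BUNDLE);
console.log(sampleFindings, "block release:", shouldBlockRelease(sampleFindings));
```

A `review` hit may be a hash constant and needs a human look. A `high` hit in shipped code means the key should be treated as exposed and rotated, since anything in a frontend bundle is readable by every visitor.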

It was revealed that Ethereum (ETH) worth $400,000 was stolen across 9,000 compromised wallets. Users’ ERC20 tokens and Non-Fungible Tokens (NFTs) were not affected.

In its report, the Layer-2 protocol clarified that this was not due to a flaw in the Abstract Global Wallet (AGW) or any affiliated entities. Instead, it was a one-time issue caused by Cardex not handling session keys correctly.

Abstract stressed that session keys must be carefully managed to prevent unauthorized access, as seen in this incident. In response to the incident, Abstract warned users to stop interacting with Cardex until a full security review is completed.

Also, all active sessions should be revoked to reduce further risks. The blockchain also announced that all projects using session keys on its platform would undergo security audits. This is to prevent similar issues in the future.

Blockchain experts have always advocated for better security practices in Web3 applications, especially when handling sensitive wallet permissions.

The Cardex and Abstract exploit is part of a broader trend of security challenges in the crypto industry.

Coinspeaker reported that hackers stole nearly $80 million from the crypto industry in January. The biggest attack featured a $69.1 million breach of the Phemex exchange. Another major incident was a $2.5 million exploit on the Moby Trade platform. These attacks often result from vulnerabilities in private key management and smart contract code.

A report by Cyvers showed that in 2024, crypto scams and cyber attacks led to a loss of $3.6 billion. Many of these losses happened because hackers gained unauthorized access to wallets and accounts.

Even as far back as 2022, a dYdX system flaw let attackers access user accounts and steal funds. That same year, the Ronin Network was hacked after a private key leak, causing a $600 million loss in Ethereum and USDC.

DApps in other ecosystems like Solana and Tron are also major targets of hackers, making the case for innovators to enhance Web3 security.

Benjamin Godfrey is a blockchain enthusiast and journalist who relishes writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desire to educate people about cryptocurrencies inspires his contributions to renowned blockchain media and sites.
