ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
DeFi Exploits Surge in 2026 As Market Loses $137M in 3 Months
In the first three months of 2026, DeFi platforms have suffered over $137M in losses from exploits, with Step Finance facing the most significant loss of $27.3M due to a private key compromise. Other notable losses were reported by Truebit, Resolv, and SwapNet.
BlockChainReporter2h ago
OpenClaw v2026.3.22 version omits critical files, and upgrading may cause the console interface to disappear
Gate News reports that on March 23, according to community feedback, the OpenClaw npm package version v2026.3.22 was missing the dist/control-ui directory files at release, which may cause the console interface to disappear after users upgrade. Currently, community members have proposed a fix, but the security of this solution has not yet been officially verified.
GateNews6h ago
Resolv Hack Mints $80M Fake USR, Triggers Market Chaos
A security breach at Resolv Labs allowed attackers to mint 80 million uncollateralized USR stablecoins, causing a price collapse and market instability. Resolv paused contracts, burned illicit tokens, and confirmed $141 million in secure collateral.
CryptoFrontNews8h ago
Resolv USR Exploit Triggers 50M Mint and Sharp Depeg
Resolv Labs faced a security breach where attackers minted 50M unbacked USR tokens, causing a rapid sell-off that depegged USR. Recovery efforts are ongoing, with losses estimated at $25M, while protocol operations remain paused.
CryptoFrontNews10h ago
