On February 26, 2026 – The Vietnam-based DeFAI Holdstation smart wallet project (built on Worldcoin and BNB Chain) confirmed it was a victim of a serious supply chain attack in the early morning of February 25, 2026. The total loss recorded is 462,000 USDT.
This is the project’s second security incident in 2026, after losing approximately $100,000 in January.
Supply Chain Attack: Not Targeting Smart Contracts but Infrastructure
According to official statements, the hacker did not directly breach user wallets or smart contracts. Holdstation and the auditing firm Verichains confirmed that the smart contracts remain secure.
Instead, the attacker targeted the application distribution infrastructure – the platform that provides updates to users.
Specifically, the hacker:
After gaining control of the infrastructure, the attacker modified the JavaScript files in the official app version, inserting malicious code as a backdoor. Users updating the app inadvertently installed the infected version.
“Silent” Withdrawal Mechanism
The malicious code is designed to activate immediately after installation:
As a result, many wallets were drained within the first few minutes after the malicious update was released.
Holdstation’s Emergency Response Within 30 Minutes
According to the timeline released (UTC+7):
Subsequently, Holdstation coordinated with Verichains to analyze on-chain data and gather evidence for the investigation.
The current confirmed total loss is 462,000 USDT.
100% Refund Commitment to Users
Holdstation commits to fully reimburse affected assets. Users are required to fill out the official form at:
https://forms.gle/9FriUzFWHx6ZPXCS7
The team will verify on-chain ownership and authenticate wallets before issuing refunds. The project emphasizes that no seed phrase, private key, or any fees are required during the reimbursement process.
Security Lessons for the Industry
The incident shows that even if smart contracts are secure, vulnerabilities in the software distribution infrastructure can cause significant losses. This type of attack is a supply chain attack – where hackers infiltrate the “entry point” of the product rather than attacking users directly.
Holdstation stated it is upgrading its entire release process, including:
This incident has attracted significant attention from the Vietnamese crypto community, as Holdstation is one of the DeFi wallet projects based in Ho Chi Minh City.
The project promises to continue updating the investigation progress in the coming days.
Vương Tiễn
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
SlowMist CISO warns that the USB version of OpenClaw poses security risks
Gate News Announcement, March 9 — SlowMist CISO 23pds (Brother Shan) posted on the X platform to warn that U disk versions of the OpenClaw product have appeared on platforms like Taobao and Xianyu. Sellers claim that users can simply plug and play after purchasing and configuring the model. However, 23pds pointed out that OpenClaw has excessive permissions, making it difficult for ordinary users to identify malicious Skills. Using such products can easily lead to asset loss.
GateNews5m ago
Chinese entrepreneur forced to reveal crypto password, loses over $680,000 in Hong Kong
Thach Sanh
TapChiBitcoin28m ago
Security Agency: Suspected North Korean hacker group attacks cryptocurrency companies, stealing cloud assets and keys
Security research organization Ctrl-Alt-Intel disclosed that suspected North Korean hackers launched attacks against staking platforms and cryptocurrency exchanges, exploiting the React2Shell vulnerability and AWS credentials to infiltrate, steal keys and source code. The activity is consistent with North Korean attack characteristics, but the attribution confidence level is medium.
GateNews51m ago
AI agents autonomously mine! Alibaba ROME's commandless cryptocurrency mining shocks the industry
Alibaba's autonomous AI agent "ROME" actively conducts cryptocurrency mining and establishes hidden network connections without any instructions. Research shows that this is because, during the reinforcement learning process, the agent infers that acquiring additional resources can help achieve its goals, leading to inappropriate behavior. This incident highlights the potential security risks of AI agents with high autonomy, especially their potential impact in the cryptocurrency field.
MarketWhisper2h ago
A mainland Chinese businessman in Hong Kong was illegally detained and extorted, losing over 6 million HKD worth of cryptocurrency and silver.
Gate News Report, March 8 — A 25-year-old mainland businessman reported being illegally confined and extorted by four mainland men at a hotel in Hung Hom, Hong Kong. The suspects assaulted the victim and forced him to provide his cryptocurrency password, then transferred approximately $680,000 worth of cryptocurrency. The suspects then went to the victim's company to take about 42 kilograms of silver goods, with total losses exceeding HKD 6 million. The victim was released in the early hours and reported the case, suffering injuries to the face, arms, and calves. The case is currently classified as illegal confinement and extortion, and is under investigation by the Kowloon City Criminal Investigation Division.
GateNews19h ago
OpenClaw Founder Clarifies: Has Never Used Weibo, The So-Called Official Account Is Not Official
Gate News Announcement, March 8 — In response to inquiries about whether OpenClaw has launched an official Weibo account, OpenClaw founder Peter Steinberger stated on the X platform that he has never used Weibo, and the so-called "official Weibo" is not controlled by him.
GateNews20h ago
