ChainCatcher reports that, according to GoPlus monitoring, the account abstraction solution Holdstation has been targeted in a supply chain attack. The attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in user funds being stolen.
The attack caused a total loss of 462,000 USDT. The attacker’s address is 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, pledged to fully compensate affected users, and is working with security teams to investigate the incident. They also posted a message on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Project Eleven awards Q-Day 1 BTC bounty: researchers use a quantum computer to crack a 15-bit elliptic curve key
Project Eleven, a nonprofit organization focusing on research into “Q-Day (Quantum Computer Breaks Blockchain Cryptography Day),” announced on 4/24 that it would award a $1 Bitcoin bounty to independent researcher Giancarlo Lelli. Using a Shor algorithm variant on publicly accessible cloud quantum computer hardware, Lelli successfully cracked a 15-bit elliptic curve key—marking the largest public quantum attack demonstration to date.
Attack Scale and Significance
Project Content Winner Giancarlo Lelli (Independent Researcher) Attack Target 15-bit elliptic curve key, searching 32,767 possibilities Using Hardware Publicly accessible cloud quantum computers Algorithm Shor
ChainNewsAbmedia3m ago
Researcher Breaks 15-Bit Elliptic Curve Key, Wins 1 BTC Bounty
Independent researcher Giancarlo Lelli derived a 15-bit elliptic curve key using a publicly accessible quantum computer, marking what Project Eleven called the "largest quantum attack" on elliptic curve cryptography to date, according to the startup. Project Eleven awarded Lelli a 1 BTC bounty,
CryptoFrontier1h ago
Polymarket Adds Steam Login, Balancer Hacker Swaps 7,000 ETH for BTC, Aave Chan Proposes Deposit Vault
Gate News message, April 24 — Polymarket introduced a new Steam account login option, expanding access methods for users. Saturn increased its STRC holdings, with total positions valued at $33 million. A Balancer hacker converted 7,000 ETH into 204.7 BTC, equivalent to approximately $15.88 million,
GateNews4h ago
Balancer Hacker Converts 7,000 ETH to 204.7 BTC via THORChain Today
Gate News message, April 24 — The hacker who stole approximately $98 million in assets from Balancer in November 2025 has begun converting ETH to BTC through the cross-chain protocol THORChain. Today, the attacker exchanged 7,000 ETH for 204.7 BTC, valued at approximately $15.88 million, with
GateNews5h ago
Slow Mist Warns of MioLab, Malware-as-a-Service Platform Targeting Crypto Assets and Hardware Wallets on macOS
Gate News message, April 24 — Slow Mist Chief Information Security Officer 23pds disclosed on X that MioLab is a highly commercialized macOS malware-as-a-service (MaaS) platform actively promoted on Russian underground forums, offering C2 control, API integration, and customized attack
GateNews7h ago
