The open-source payment platform UPCX has halted transactions after an unauthorized withdrawal of roughly $70 million in digital assets.
A blockchain security firm identified the breach on April 1, highlighting irregular activities associated with 18.4 million UPC tokens.
The report indicated that the attacker had gained access to an administrative wallet for UPCX and altered its ProxyAdmin contract.
This alteration allowed the execution of a withdrawal function, facilitating the transfer of funds from three distinct management accounts. The stolen tokens are currently held in a single wallet, with no attempts noted to exchange or liquidate the assets.
UPCX suspends deposits and transactions
UPCX confirmed that it had detected unauthorized access and promptly suspended both deposits and withdrawals. The platform assured users that their personal funds were secure and that an internal investigation is underway.
The incident caused UPC’s token price to drop by 7%, falling from $4.06 to $3.77, according to online market tracking data.
As of the latest updates, UPCX has not shared any additional information regarding possible remedial actions. This incident is part of a larger trend of security breaches impacting crypto platforms, with attackers increasingly targeting administrative functions to steal funds.
The UPCX breach raises further concerns regarding Web3 security, highlighting the urgent need for enhanced smart contract security and stricter access controls to avert future incidents.