Ethereum Layer-2 platform Abstract is investigating a wallet drain attack after multiple users reported compromised accounts. The security breach comes shortly after Abstract celebrated a major milestone—deploying over 1 million Abstract Global Wallets (AGW).
Abstract Users Targeted
Abstract Chain developer 0xBeans alerted the community on Feb. 18, stating that some users had been affected but emphasizing that the issue was not related to the AGW infrastructure. Instead, the breach appears to be linked to Cardex, a game built on the Abstract network.
"Seems to be Cardex, please do not interact for the time being," 0xBeans wrote on X.
Security Concerns Surface After AGW Milestone
The incident follows a Feb. 17 announcement by Abstract developer 0xCygaar that the network had surpassed 1 million AGW wallet deployments, a significant step toward making smart wallets mainstream.
"We’ve done more than almost anyone else in the space to bring on the next generation of smart wallets. We’re just getting started," 0xCygaar stated.
Developers Blame App’s Session Key Management
In response to the breach, 0xCygaar reassured users that AGW contracts were not compromised and instead blamed negligence in Cardex’s session key management.
"This is not an issue with AGW’s contracts. There is no exploit with wallet functionality. Our contracts have been audited multiple times, and session key security was specifically reviewed."
The Abstract team plans to release security reports soon to reinforce confidence in the platform’s smart wallet framework.
Community Demands Accountability
Despite Abstract’s assurances, some users raised concerns over the security of other apps in the ecosystem. Others accused the team of promoting Cardex on its official website and misleading users.
"You promoted Cardex on your website and followed them on X! It’s your fault!" a frustrated user posted.
At the time of writing, the Abstract website lists around 30 gaming apps, including Vibes TCG and Wits TCG, but Cardex is absent from both the site and official blog.
Adding to the controversy, some users claim their wallets were drained despite never interacting with Cardex—raising further security concerns.
Abstract’s Security Challenges After Mainnet Launch
This attack comes less than a month after Abstract’s mainnet went live on Jan. 27. The platform is backed by Igloo, the parent company behind Pudgy Penguins, which secured an $11 million investment in July 2024 to build the Abstract ecosystem.
As investigations continue, users are urged to revoke permissions and remain cautious while interacting with apps within the Abstract network.