Abstract responds to security incident: isolated vulnerability from third-party application Cardex, resulting in a loss of approximately 400,000 dollars

Odaily Planet Daily News Abstract posted an article in X in response to the security incident: "This morning, the Abstract security team detected a vulnerability originating from the application Cardex in The Portal. This is not a vulnerability in the Abstract Global Wallet (AGW) or the Abstract network itself, but an isolated security glitch in a third-party application (Cardex). Thanks to our engineering team, security researchers, Seal 911, and Cardex team for taking swift action to eliminate the vulnerability and prevent further unauthorized access to user funds. The vulnerability involved a loss of token value of approximately $400,000. Vulnerability Cause The Cardex team has completed the preliminary review, and has been allowed to list on the portal website. During this process, the Cardex team inadvertently exposed the private key to the session signer on their website frontend, which is beyond the scope of the review and is a practice we warn against. This allows attackers to initiate transactions against the Cardex contract for any approved session key wallet. Abstract Security Standard Before adding any application to our portal, Abstract follows a strict security process. This includes: one-on-one onboarding training with each team, collaboration on best security practices, and mandatory extensive security reviews. We will continue to consult with builders and security experts regularly to improve our processes and establish industry standards for security and user protection. Users need to take action To prevent potential attack vectors, we strongly recommend that users regularly revoke approvals and permissions for applications and tokens in their Abstract wallets through Revoke.