Someone just made off with a cool $70 million from open-source payment platform UPCX, and it wasn’t a planned heist.
On April 1, blockchain security firm Cyvers detected funny business: 18.4 million UPC tokens moving suspiciously, which they valued at around $70 million.
Turns out, an unauthorized individual waltzed into a UPCX address, fiddled with its ProxyAdmin contract, and then used an admin withdrawal function to pilfer funds from three management accounts, according to Cyvers.
As of now, these pilfered tokens are still sitting tight, not yet exchanged for other crypto assets.
Meir Dolev, Cyvers’ co-founder and CTO, suspects the digital burglary likely resulted from compromised credentials or weak access controls, though he admitted the root cause is still murky.