Abstract Response to Security Incident: An isolated vulnerability originating from third-party application Cardex resulted in a loss of approximately $400000

Odaily Planet Daily | Feb 19, 2025 00:05
Odaily Planet Daily News: Abstract responded to the security incident in an article on X:

"This morning, the Abstract security team detected a vulnerability originating from the Cardex application within The Portal. This is not a vulnerability of Abstract Global Wallet (AGW) or the Abstract network itself, but an isolated security failure of a third-party application (Cardex). Thank you to our engineering team, security researchers, Seal 911, and Cardex team for taking prompt action to eliminate the vulnerability and prevent further unauthorized access to user funds. The vulnerability involves a loss of approximately $400000 in token value.

Reasons for vulnerabilities

The Cardex team has completed the preliminary review and has been approved to list it on the portal website. During this process, the Cardex team inadvertently exposed the private key to the session signer on their website's front-end, which exceeded the scope of the review and was also a warning to us. This allows attackers to initiate transactions against Cardex contracts on any wallet with approved session keys.

Abstract Safety Standards

Abstract follows strict security procedures before adding any application to our portal. This includes one-on-one introduction training with each team, collaboration on best security practices, and mandatory extensive security audits. We will continue to regularly consult with builders and security experts to improve our processes and establish industry standards for security and user protection.

Users need to take action

To prevent potential attack vectors, we strongly recommend that users regularly revoke approvals and permissions for applications and tokens in their Abstract wallet through Revoke