Holdstation suffered a hacker attack, losing 462,000 USDT. Services have been suspended and a full compensation has been promised

According to GoPlus monitoring, the account abstraction solution Holdstation suffered a supply chain attack, where the attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in the theft of user funds.

The attack resulted in a loss of 462,000 USDT, with the attacker's address being 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, committed to 100% compensation for affected users, and is working with security teams to investigate the incident, while also posting messages on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.