Cardex Exploit on Abstract Chain Drains Users’ Assets

Abstract Chain, an Ethereum Layer 2 network developed by the company behind Pudgy Penguins, is investigating a breach of its network after several users reported that their assets had been drained.

Abstract Chain developer 0xBeans revealed in an X post on Feb. 18 that “some Abstract users” had been compromised.

The developer emphasized that the issue was unrelated to the company’s recently launched Abstract Global Wallets (AGW). 0xBeans emphasized the attack was “not a global AGW issue” but rather isolated to a specific application. The exploit has been linked to the Abstract-based game Cardex.

“This issue seems to be isolated to an app (seems to be Cardex, please do not interact for the time being), we are working to get to the bottom of it,” 0xBeans highlighted in the post.

Abstract Chain’s users on Discord filed complaints, demanding refunds for their losses. Some users claim to have lost over $100,000 in Ethereum (ETH).

The exploit comes after the network celebrated the milestone of over 1 million deployed AGW wallets on Feb. 17.

“Over 1 million Abstract Global Wallets have been deployed since we launched,” Abstract team member 0xCygaar said, adding: “We’ve done more than almost anyone else in the space to bring on the next generation of smart wallets.”

It was speculated that the attack on Abstract involved AGW. However, 0xCygaar reiterated that the drain was related to Cardex and advised users to withdraw their assets.

0xCygaar added that users who have never interacted with Cardex are not at risk. Moreover, the Abstract team has upgraded the Cardex contract to patch the vulnerability.

“Cardex contract has been upgraded, so no more users will be affected by this exploit,” 0xCygaar confirmed a few hours after the attack.