UPCX halts transactions after $70 million hack exposes vulnerabilities

The crypto payments platform UPCX temporarily halted deposits and withdrawals following a security breach that may have led to the loss of around $70 million in digital assets.

On April 1, the platform revealed it had detected unauthorized access to a management account. In response, UPCX immediately suspended all user transactions as a precaution while launching an internal investigation. The team assured users that their funds remain secure and untouched.

Security experts at Cyvers flagged the issue after identifying multiple suspicious transactions connected to the platform.

According to the firm’s analysis, the attacker gained access to a key administrative wallet, modified its smart contract permissions, and triggered a function that allowed them to move 18.4 million UPC tokens, valued at roughly $70 million.

Cyvers said the stolen funds are still in a single wallet, and no further attempts to convert or transfer the assets have been observed as of press time.

Cyvers CTO Meir Dolev explained to CryptoSlate that the attack mirrors the most significant exploits in the past year that stemmed from compromised credentials or poor access control. These issues accounted for over 80% of stolen funds across the Web3 space last year.

Dolev said:

“This incident mirrors attack patterns we’ve documented in prior exploits, where access to critical administrative roles enabled malicious upgrades and fund drainage. It underscores the urgent need for enhanced security around wallet permissions, multisig implementations, and runtime transaction validation.”

Q1 hacks

The UPCX incident is the first significant hack in the second quarter, adding to a growing list of attacks this year.

According to data from PeckShield, over $1.63 billion was stolen across more than 60 crypto exploits in the first quarter. This figure marks a 131% increase compared to the first quarter of 2024, when losses totaled $706 million.

The most damaging attacks during the first quarter were a $1.46 billion exploit targeting Bybit and a $69.1 million breach at Phemex. Combined, the two accounted for 94% of the total losses.

Meanwhile, March alone saw 20 separate hacks totaling over $33 million in damages. The largest was a $13 million theft from DeFi protocol Abracadabra.money, followed by an $8.4 million exploit at Zoth, a real-world asset staking platform.

The post UPCX halts transactions after $70 million hack exposes vulnerabilities appeared first on CryptoSlate.