Hacker transfers $70M out of payment platform UPCX
Update April 1, 1:42 pm UTC: This article has been updated to add comments from Cyvers co-founder and chief technology officer Meir Dolev.An unauthorized party withdrew about $70 million in digital assets from open-sourc...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Update April 1, 1:42 pm UTC: This article has been updated to add comments from Cyvers co-founder and chief technology officer Meir Dolev.
An unauthorized party withdrew about $70 million in digital assets from open-source payment platform UPCX, according to a security alert issued on April 1.
The blockchain security firm Cyvers flagged suspicious activity involving 18.4 million UPC tokens, estimating the value of the compromised funds at $70 million.
Cyvers said someone accessed a UPCX address and upgraded its ProxyAdmin contract. The attacker then executed a function that allows admins to withdraw, leading to fund transfers from three different management accounts.
At the time of writing, the stolen tokens had not been swapped for other crypto assets.
Cointelegraph contacted UPCX for comment but did not receive an immediate response.
UPC price dips 7% following unauthorized transferUPCX acknowledged it had detected “unauthorized activity” involving its management accounts. The team suspended deposits and withdrawals for UPCX in response to the incident. It said user assets are unaffected by the issue and it is actively investigating the matter.
UPC’s token price dropped amid news of the incident. According to CoinGecko, UPC’s token prices dropped 7%, from a high of $4.06 to a low of $3.77 during the incident.
UPCX 24-hour price chart. Source: CoinGecko
Related: Hacker steals $8.4M from RWA restaking protocol Zoth
UPC hack mirrors previous attack patternsIn a statement, Cyvers co-founder and chief technology officer Meir Dolev told Cointelegraph that while the root cause of the attack remained under investigation, these types of incidents often stem from compromised credentials or flawed access control mechanisms.
Dolev told Cointelegraph that both of these vulnerabilities have been the predominant cause of Web3 losses in 2024. The executive said the same causes were responsible for over 80% of the stolen funds during the year.
The cybersecurity executive also said the attack pattern was similar to previous exploits. Dolev told Cointelegraph:
“This incident mirrors attack patterns we’ve documented in prior exploits, where access to critical administrative roles enabled malicious upgrades and fund drainage.”The executive added that the hack underscored an urgent need to enhance security around wallet permissions, multisignature implementations and runtime transaction validation.
The $70 million stolen in the incident would more than double the amount lost in the previous month. In March, crypto stolen from hacks only reached $33 million.
Magazine: Memecoins are ded — But Solana ‘100x better’ despite revenue plunge
Why this matters
This cryptocurrency story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
Dutch crypto exchange collapses exposing customer balances’ true value amid multi-million-euro hole
Dutch crypto exchange Knaken's operating company and its affiliated payments foundation entered court-controlled bankruptcy on Jul...
Citadel Securities Invests $400 Million in Crypto.com at a $20 Billion Valuation
Crypto.com has said it has received a $400 million investment from Citadel Securities at a $20 billion valuation. The investment m...
Citadel backs two rival crypto exchanges with $600 million as both chase the same Wall Street prize
Citadel Securities, the Wall Street market maker, now has $600 million in announced strategic investments across two rival crypto...
Tether Backs Argentine Neobank Ualá With a $20 Million Strategic Investment
The investment was part of a large $197 million funding round that valued Ualá at $3.2 billion in March. No operational integratio...
Lamine Yamal’s World Cup run sparks neighborhood pride and a wave of unauthorized crypto tokens
Unofficial $YAMAL fan tokens on Solana emerge as Spain's Lamine Yamal heads to the 2026 World Cup final, but with market caps unde...
Tether’s USDT Is Adding Over 30 Million Wallets Every Quarter, CEO Paolo Ardoino Says
Tether CEO Paolo Ardoino says USDT’s user base is growing by more than 30 million wallets per quarter, extending the stablecoin’s...