Ethereum layer-2 (L2) platform Abstract is investigating a wallet drain issue after some users reported compromised accounts, following a major milestone for the project’s Abstract Global Wallets (AGW).
Abstract Chain developer 0xBeans took to X on Feb. 18 to report that “some Abstract users” had been compromised.
The developer emphasized that the issue was “not a global AGW issue” but rather isolated to a specific application, pointing at a potential breach in the Abstract-based game Cardex.
“Seems to be Cardex, please do not interact for the time being,” 0xBeans wrote.
Abstract has just deployed 1 million AGW wallets
The issue came the next day after another member of the Abstract Chain team, 0xCygaar, reported on Feb. 17 that it had deployed more than 1 million AGW wallets.
“We’ve done more than almost anyone else in the space to bring on the next generation of smart wallets,” 0xCygaar said, adding: “We’re just starting.”
Source: 0xCygaar
Following the issue, 0xCygaar reiterated that the drain was related to Cardex, and urged users to revoke their sessions.
“This is not an issue with AGW’s contracts. There is no exploit with wallet functionality. This specific issue is related to negligence on the app regarding session key management,” he stated, adding:
“Our contracts have been audited multiple times. We had our session key module looked at specifically. These reports will be available shortly.”
Community worried about other apps
As Abstract developers assured users that AGW’s contracts have nothing to do with the wallet drain, some commentators online have voiced concerns about the safety of other apps in the Abstract ecosystem.
Others also urged the Abstract team to acknowledge responsibility for promoting Cardex on their website, accusing them of misleading users.
“You promoted Cardex on the website and official X account following them! It’s your fault!” one disgruntled user wrote.
Related: Javier Milei risks impeachment after endorsing $107M Libra rug pull
At the time of writing, the Abstract website features roughly 30 gaming apps, including card games such as Vibes TCG and Wits TCG. The Abstract team also doesn’t mention “Cardex” anywhere on its website or its blog.
An excerpt from the list of gaming apps featured on the Abstract website. Source: Abs.xyz
Some commentators also claimed their wallets were drained despite not using Cardex.
Abstract’s wallet drain came less than a month after the Abstract mainnet launched on Jan. 27. Abstract’s creator, Igloo — the parent firm of the blockchain-based artwork collection Pudgy Penguins — raised $11 million to build Abstract in July 2024.
Magazine: Ethereum L2s will be interoperable ‘within months’: Complete guide