Ethereum Layer-2 Abstract Investigates Wallet Drain, Possible Link to Cardex

Ethereum layer-2 platform Abstract is investigating a wallet drain affecting some users, with early findings suggesting a potential breach tied to Cardex, a game built on Abstract’s network.

Abstract Developers Address Security Concerns

The issue surfaced following reports of compromised user accounts, just a day after Abstract achieved a major milestone by deploying over 1 million Abstract Global Wallets (AGW).

Abstract Chain developer 0xBeans confirmed the incident on X (formerly Twitter) on February 18, but emphasized that the issue was not a global AGW vulnerability, instead pointing to a specific application-related breach.

“Seems to be Cardex, please do not interact for the time being,” 0xBeans wrote.

Security Incident Follows Major AGW Deployment

The security concerns emerged one day after Abstract team member 0xCygaar announced the successful deployment of over 1 million AGW wallets on February 17.

“We’ve done more than almost anyone else in the space to bring on the next generation of smart wallets,” 0xCygaar stated, adding, “We’re just starting.”

Following the wallet drain reports, 0xCygaar reaffirmed that the issue was unrelated to AGW contracts or wallet functionality. Instead, he attributed the incident to session key management lapses within Cardex.

“This is not an issue with AGW’s contracts. There is no exploit with wallet functionality. This specific issue is related to negligence on the app regarding session key management,” he explained.

Mitigation Efforts and Audit Reports

In response to the breach, Abstract developers have urged users to revoke their active sessions to prevent further exposure.

0xCygaar also reassured the community that Abstract’s smart contracts have undergone multiple audits, including a specific review of its session key module.

“Our contracts have been audited multiple times. We had our session key module looked at specifically. These reports will be available shortly,” he added.

Next Steps for Abstract and the Crypto Community

While Abstract developers work to contain the fallout from the Cardex-related security issue, the incident highlights the broader risks associated with decentralized applications (dApps) and third-party integrations on blockchain networks.

As investigations continue, users are advised to take necessary security precautions, including revoking session keys and monitoring their wallets for unauthorized activity.