Holdstation Wallet hacked for 462,000 USDT: Here's how hackers bypassed MFA and withdrew funds in 2 minutes

TapChiBitcoin

2026-02-26 03:07:26

WLD0,62%

BNB3,24%

DEFI19,14%

On February 26, 2026 – The Vietnam-based DeFAI Holdstation smart wallet project (built on Worldcoin and BNB Chain) confirmed it was a victim of a serious supply chain attack in the early morning of February 25, 2026. The total loss recorded is 462,000 USDT.

This is the project’s second security incident in 2026, after losing approximately $100,000 in January.

Supply Chain Attack: Not Targeting Smart Contracts but Infrastructure

According to official statements, the hacker did not directly breach user wallets or smart contracts. Holdstation and the auditing firm Verichains confirmed that the smart contracts remain secure.

Instead, the attacker targeted the application distribution infrastructure – the platform that provides updates to users.

Specifically, the hacker:

After gaining control of the infrastructure, the attacker modified the JavaScript files in the official app version, inserting malicious code as a backdoor. Users updating the app inadvertently installed the infected version.

“Silent” Withdrawal Mechanism

The malicious code is designed to activate immediately after installation:

As a result, many wallets were drained within the first few minutes after the malicious update was released.

Holdstation’s Emergency Response Within 30 Minutes

According to the timeline released (UTC+7):

Subsequently, Holdstation coordinated with Verichains to analyze on-chain data and gather evidence for the investigation.

The current confirmed total loss is 462,000 USDT.

100% Refund Commitment to Users

Holdstation commits to fully reimburse affected assets. Users are required to fill out the official form at:

https://forms.gle/9FriUzFWHx6ZPXCS7

The team will verify on-chain ownership and authenticate wallets before issuing refunds. The project emphasizes that no seed phrase, private key, or any fees are required during the reimbursement process.

Security Lessons for the Industry

The incident shows that even if smart contracts are secure, vulnerabilities in the software distribution infrastructure can cause significant losses. This type of attack is a supply chain attack – where hackers infiltrate the “entry point” of the product rather than attacking users directly.

Holdstation stated it is upgrading its entire release process, including:

This incident has attracted significant attention from the Vietnamese crypto community, as Holdstation is one of the DeFi wallet projects based in Ho Chi Minh City.

The project promises to continue updating the investigation progress in the coming days.

Vương Tiễn

View Original

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Hong Kong virtual currency trading platform AAX executive accused of embezzling over 600 million HKD, now charged with 4 counts

Enforcement Actions Security Incidents Exchange Risk

Hong Kong virtual currency trading platform AAX ceased operations due to system maintenance, resulting in over 300 customers being unable to recover approximately HKD 100 million in assets. The person in charge fled and was later arrested. They are currently facing multiple charges including theft and fraud. The police have confirmed that victims have suffered losses of about HKD 81 million.

GateNews2h ago

Ploutus protocol oracle configuration error resulted in a loss of approximately $390,000 in the pool.

ethereum news USDC news Security Incidents

The Ethereum Ploutus protocol liquidity pool was attacked due to an oracle configuration error, resulting in a loss of approximately $390,000. The attacker exploited the mistake to borrow 187 ETH, collateralizing only 8 USDC. The attack occurred after the configuration update.

GateNews2h ago

CertiK: FOOMCASH lottery contract may have been exploited, resulting in a loss of approximately $1.8 million

Security Incidents

Foresight News reports that, according to CertiK monitoring, the privacy gaming project FOOMCASH experienced a vulnerability exploitation event (or white-hat rescue operation) in its lottery contract, involving approximately $1.8 million. The root cause of the vulnerability may be related to its Groth16 verifier setup, allowing attackers to repeatedly collect ZOOM tokens when all other inputs remain the same.

GateNews3h ago

Korean police evidence points to escalation in Bitcoin theft case: 22 BTC stolen, two suspects arrested, raising concerns over asset custody security

bitcoin news Enforcement Actions Security Incidents

South Korean police recently arrested two suspects involved in the theft of 22 Bitcoins, with the stolen assets valued at approximately $1.5 million. These Bitcoins were originally evidence held by the police, highlighting vulnerabilities in digital asset management. Korean authorities are implementing stricter digital asset management systems to prevent such incidents from happening again.

GateNews4h ago

LLM Might Destroy Online Anonymity and Privacy: Can AI Find Out Who Satoshi Nakamoto Is?

Security Incidents Industry Reports

A recent study shows that large language models (LLMs) have the ability to de-anonymize internet users by inferring real identities from public posts, raising concerns within the crypto community and about online anonymity. Researchers point out that LLMs can automate data analysis processes, reducing identification costs, and in the future, text may be viewed as a data target for mining. Additionally, this could impact blockchain privacy and challenge traditional anonymity mechanisms.

ChainNewsAbmedia4h ago

IoTeX Bridge Hacked: 100% Compensation — Users with losses under $10,000 receive immediate reimbursement

Project Progress Security Incidents

The IoTeX Foundation has launched a compensation plan for the ioTube cross-chain bridge security incident, promising full compensation to users holding affected assets. Users can apply for compensation through the Claims Portal on February 27, with two options: immediate full payout and installment payments. Over 86% of the stolen funds have been frozen, and the foundation will conduct an independent security audit and cooperate with law enforcement agencies to investigate the attackers.

MarketWhisper5h ago

Comment

0/400

No comments