Abstract Chain, second-level network Ethereum , created by Igloo Inc., which also launched the popular NFT - the Pudgy Penguins collection, presented preliminary data on the exploit of the blockchain game Cardex.
The Cardex game was launched last week on the l2 Abstract blockchain network Ethereum However, on Tuesday, an incident occurred that Abstract developers described as a “session key hack,” which allowed scammers to gain access to Cardex users’ wallets.
The author of the publication, under the pseudonym Cygaar, reported that as a result of the hack, the common wallet for all Cardex users for signing sessions was compromised, which led to a leak of the key from the external code of the blockchain game.
According to Abstract, the scammers gained access to 9000 Cardex players' wallets, from which they stole more than $400 in Ethereum. At the same time, it turned out that Abstract Global Wallet users' funds were not affected.
Immediately after the issue was discovered, the Abstract team urged users to avoid interacting with Cardex and to terminate all active sessions with the application to reduce risks. All projects using session keys on the Abstract network are also expected to undergo an audit.
