Abstract, an Ethereum layer-2 (L2) platform, is facing a serious security issue after several users reported their wallets being drained. Developers deny a global vulnerability, but suspicion has fallen on an app linked to Cardex.
Let’s see all the details in this article.
Abstract, the Ethereum layer-2 platform, in the spotlight: targeted attack or flaw in the ecosystem? The Cardex controversy
Abstract, one of Ethereum's main layer-2 (L2) platforms, is going through a turbulent period.
After the recent implementation of over a million Abstract Global Wallets (AGW), some users have reported the sudden draining of their funds.
The alarm was raised on February 18 by the developer 0xBeans, who warned the community on X of a possible targeted attack.
However, the Abstract team quickly clarified that it is not a global issue related to AGW, but rather an isolated case linked to a specific application: Cardex, a game based on Abstract.
“It seems to be Cardex, avoid interacting with the app for the moment,” wrote 0xBeans, fueling the suspicion that the attack stems from a flaw in the management of the application’s session keys.
The incident comes at a time of strong growth for Abstract.
Only the day before, on February 17, the developer 0xCygaar had celebrated on X the milestone of one million wallets implemented, highlighting the team’s commitment to innovation in smart wallet solutions.
“We have done more than anyone else in the industry to push the next generation of smart wallets,” stated 0xCygaar, assuring that the expansion of the Abstract ecosystem was just beginning.
However, the platform's rapid rise was abruptly interrupted by reports of drained wallets, calling the security of the network into question.
Cardex in the crosshairs: Abstract distances itself
After the case broke, the Abstract team reiterated that the problem does not concern the AGW contracts, but exclusively Cardex. 0xCygaar asked users to revoke active sessions and to avoid the application until further notice:
“This is not a vulnerability in our contracts. We have checked our key session modules multiple times and will publish the security reports shortly.”
Despite the reassurances, many community members remain skeptical and are concerned about the security of the other applications on Abstract.
Making the case even more controversial is the relationship between Abstract and Cardex. Some users have accused the Abstract team of promoting the game, thus contributing to the spread of the attack.
“You have advertised Cardex on the official site and on the X account, following them! It is your responsibility!”, wrote an indignant user.
Other members of the community claim that their wallets have been compromised even though they have never interacted with Cardex, fueling doubts about a possible wider flaw in the Abstract ecosystem.
The incident occurs less than a month after the launch of Abstract’s mainnet, which took place on January 27.
The project, funded with 11 million dollars in July 2024 by Igloo (the parent company of the NFT collection Pudgy Penguins), is considered one of the most promising in the landscape of layer-2 solutions for Ethereum.
Now, however, the platform faces its first major test of security and community trust.
The future challenges for Abstract
To regain the trust of users, the Abstract team will need to demonstrate transparency and readiness in crisis management.
The publication of the security reports announced by 0xCygaar will be crucial to clarify who is actually responsible for the incident and to reassure the community.
At the same time, the Cardex case raises broader questions about the need for stricter controls on applications operating within emerging L2 ecosystems.
The Abstract incident could be a wake-up call for the entire layer-2 sector, prompting greater attention to dApp security and session key management.
For now, the community is waiting for concrete answers, while Abstract's credibility in the world of scalable blockchains is at stake.