Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to an announcement from blockchain payment platform UPCX, unauthorized activity was detected in its management accounts. As a precaution, the platform has urgently suspended UPC deposits and withdrawals. The official statement assures that user assets remain unaffected, and an active investigation is underway to determine the cause of the incident, with further updates to follow. Earlier reports suggested that an unauthorized party had accessed UPCX’s official addresses. The attacker allegedly transferred a total of 18.4 million UPC (approximately $70 million) from three management accounts. On April 4, UPCX posted on Twitter that, despite differing reports from various sources, the project still retains control over 18,473,290 UPC. While the suspicious activity remains under investigation, the project team will proceed with the transfer of the relevant UPC at approximately 09:00 UTC on April 4, 2025. Attack method (per SlowMist): Unknown. Reported loss: $ 70,000,000.
- chain
- —
- protocol
- UPCX
- bug_class
- access-control
- date_occurred
- 2025-04-01
- loss_usd
- $70,000,000
- source_id
- sm:upcx::2025-04-01