UPCX halts transactions after $70M breach. Investigation underway to secure platform and prevent future attacks - IcoHolder.

UPCX, an open-source payment platform, has suspended all transactions following a significant security breach that saw approximately $70 million in digital assets stolen. The breach was flagged by blockchain security firm Cyvers on April 1, 2025, which detected suspicious activity involving 18.4 million UPC tokens.

Cyvers revealed that an attacker gained unauthorized access to a UPCX administrative wallet, subsequently modifying its ProxyAdmin contract. This manipulation enabled the attacker to execute a withdrawal function, leading to the transfer of funds from three different management accounts. While the stolen tokens remain in a single wallet, no attempts to swap or liquidate the assets have been observed.

In response to the breach, UPCX immediately suspended both deposits and withdrawals on its platform. The company assured users that their personal funds were unaffected by the incident and that an internal investigation is underway to determine the full extent of the attack.

The hack triggered a sharp decline in UPC’s token price, which dropped 7%, from $4.06 to $3.77, according to data from CoinGecko. At press time, UPCX had not disclosed further details regarding potential remediation efforts or plans to address the vulnerability.

The attack is part of a growing trend of security vulnerabilities impacting cryptocurrency platforms, with attackers increasingly exploiting administrative access to siphon off funds. The UPCX breach highlights the critical need for stronger smart contract security and tighter access controls in the Web3 space to prevent future incidents of this nature.