The crypto remittance mobile application Telcoin has suffered an exploit that led to the loss of approximately $1.3 million in digital assets.
According to an X update from the Telcoin team, the security attack affected wallets that have never initiated transactions on the platform.
Telcoin Loses $1.3M in Security Exploit
The Telcoin team announced they were aware of the situation late Monday and temporarily froze the app to resolve the issue.
“We are aware of the situation with the Telcoin App. We have temporarily frozen use of the app while we look into the issue, and will provide an update as soon as we can,” the Telcoin team said.
During the investigation, the team found that the issue was with the proxy implementation of the wallet on Polygon and not with the Telcoin app itself. A fix has been employed to prevent further exploitation.
No private keys, backend systems, and user data were breached through the exploit. The project’s team intends to restore affected users’ assets to previous balances before turning the app service back on.
“We will provide another update soon and appreciate everyone’s patience and support. The Telcoin team is grateful for assistance from the blockchain security community, and will be thanking them publicly once we complete our investigation,” the team explained.
TEL Slumps 40%
On-chain data shows the stolen assets include 37 Ether (ETH) and over 1.3 million Polygon (MATIC) worth $85,000 and $1.19 million, respectively. While the Telcoin team has yet to reveal the details of the exploit, blockchain security firm PeckShield disclosed the losses amounted to approximately $1.3 million.
Following the Telcoin exploit, TEL, the native app of the platform, suddenly plunged by 40% from $0.0023 to $0.00079. At the time of writing, the token had recovered slightly and was trading around $0.0015, per data from CoinMarketCap.
Telcoin has joined the list of crypto platforms to be exploited in December. The platform’s attack comes less than two weeks after the decentralized exchange OKX was hacked through the theft of credentials needed to access wallets where funds are kept until transactions are completed. Although the attack was stopped before severe damage was done, the hacker successfully made away with $424,000 in different cryptocurrencies.