Update April 1, 1:42 pm UTC: This article has been updated to add comments from Cyvers co-founder and chief technology officer Meir Dolev.
An unauthorized party withdrew approximately $70 million in digital assets from open-source payment platform UPCX, according to a security alert issued on April 1.
The blockchain security firm Cyvers flagged suspicious activity involving 18.4 million UPC tokens, estimating the value of the compromised funds at around $70 million.
Cyvers said someone accessed a UPCX address and upgraded its ProxyAdmin contract. The attacker then executed a function that allows admins to withdraw, leading to fund transfers from three different management accounts.
At the time of writing, the stolen tokens had not been swapped for other crypto assets.
Cointelegraph has contacted UPCX for comments but did not receive an immediate response.
UPC price dips by 7% amid unauthorized transfer
UPCX acknowledged it had detected “unauthorized activity” involving its management accounts.