UPCX Hack $70M Stolen and Tokens Locked: What’s Next for the Platform?

UPCX suspends transactions after a $70M hack drains digital assets; internal investigation underway to restore security and rebuild user trust.

Yahya Raza
April 2, 2025
2:51 am

Yahya Raza

Syed Yahya Raza Sherzai is a crypto news writer known for his in-depth analysis and timely reporting on blockchain technology, cryptocurrency markets, and decentralized finance (DeFi). With a keen eye for emerging trends and regulatory developments, Sherzai has established himself as a trusted voice in the cryptocurrency space.

UPCX halts transactions after hackers drain $70M in digital assets through a ProxyAdmin hack.
18.4 million UPC tokens stolen and moved to one address; no attempts to convert or sell assets.
Internal investigation underway as UPCX works to restore security and rebuild user trust.

UPCX, an open-source payment platform, was used by hackers, in turn, to drain about 70 million US dollars worth of digital assets, and thus, the platform had to block all transactions. They have become a focal point of concern after the platform was hacked on April 1st by a blockchain investigation firm called Cyvers.

According to Cyvers, the adversaries were able to obtain access to one of the UPCX administrative wallets using a hack in the ProxyAdmin contract. This manipulation enabled the hacker to run an unauthorized function for withdrawing the money, and this was done on three different management accounts.

Approximately 18.4 million UPCs were taken and transferred to a single address. According to the reports, the stolen tokens have not been converted or exchanged, which may mean that the hacker possesses the tokens for the time being.

🚨ALERT🚨Our system has detected multiple suspicious transactions involving @Upcxofficial

It appears that someone gained access to the address 0x4C….3583E, upgraded the 'ProxyAdmin' contract, and executed the 'withdrawByAdmin' function, resulting in the transfer of 18.4M… pic.twitter.com/ytCmwpNtE1
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 1, 2025

UPCX Halts Transactions

However, after the security breach, UPCX acted swiftly by halting all deposit and withdrawal services on its platform. The company quickly released statements that affirmed the server had not breached the personal funds of the users.

UPCX also said that an internal investigation is underway to further establish the nature of the attack and to ensure that similar attacks are not repeated in the future. However, the additional information concerning the attack’s source and the definitive strategy for rebuilding the platform has not been provided yet.

After the hack, many fluctuations in the token’s value were observed, which affected the operations of UPC. After the occurrence, the price of the tokens went down by 7% to $3.77 from $4.06, as per data from CoinGecko. However, the platform has not provided a statement on the measures that are being taken or possible ways of avenging the loss in the value of the token.

Investigation in Progress

This attack demonstrates the growing threats in Web3, especially in the decentralized environment. Security analysts have predicted for a while that hackers would look at lapses of administrative access and smart contracts. The UPCX breach is a continuation of targeted attacks on security vulnerabilities, adding to the fears that the safety of digital asset platforms is not well preserved.

The need for enhanced security is highlighted in this area through the suggestions made by blockchain security experts concerning smart contract auditing and administrative controls. These experiences displayed that decentralized platforms should enhance access control measures and an anomaly detection in real-time to tackle similar risks in the future.

It has also raised more questions about the overall security of cryptocurrencies. As more Web3 platforms are developed, there is a greater need to improve the defenses against such attacks. UPCX faces a complicated task of regaining the client’s trust.