Cyvers in the News

Meir Dolev, CEO of Israel-based crypto security company Cyvers, which detected the Dough hack as it happened,
said that looping-related code is what hackers exploited to break into Dough’s systems. “Their implementation of complex, high-risk strategies like looping and de-looping without sufficient safeguards suggests they took excessive risks," Dolev said via email.

Dough’s post-hack report acknowledges the same root cause of the theft as Cyvers. Dough added that it would take preventive measures including auditing its code and enhancing security through monitoring.

‍

UPCX Assures Users After Unauthorized Transfer of 18.4MTokens

Blockchain security firm Cyvers confirmed the incident, stating that it involved the transfer of 18.4 million UPC tokens valued at approximately $70 million from three separate management accounts

According to Cyvers, its security system determined that an unauthorized person had gained access to the address 0x4C….3583E and “upgraded the ProxyAdmin contract.” The individual then executed the “withdrawByAdmin” function, resulting in the unauthorized transfer of the UPC tokens.

‍

Hacker Steals $70 Million in UPC Tokens After Gaining Control of UPCX Smart Contract

Cyvers, which traced the suspicious activity to a contract upgrade by the attacker.

This attack follows patterns seen in previous exploits, according to Cyvers’ co-founder Meir Dolev. He pointed out that compromised credentials and flawed access control mechanisms were often to blame for such breaches. He noted that these issues accounted for over 80% of Web3-relatedlosses in 2024. Dolev also stressed the importance of improving security measures, particularly for wallet permissions and multisignature implementations, to prevent future incidents.

‍