According to Foresight News, cryptocurrency custody platform Fireblocks recently discovered an ERC-4337 account abstraction vulnerability in the UniPass smart contract wallet. This vulnerability allowed attackers to perform a complete account takeover of the UniPass wallet by replacing the wallet's trusted EntryPoint and activating the account abstraction module. Once the account takeover was completed, the attacker could treat the wallet as their own and steal all the funds within it. The vulnerability has now been fixed through a collaboration between both parties.

View full text