UPCX Payment Platform Hack: Unauthorized Withdrawal of $70 Million from Administrative Accounts While Maintaining Security of Users’ Assets

An unauthorized party carried out a large-scale cyberattack on the open-source payment platform UPCX, resulting in the theft of approximately $70 million in digital assets in the form of UPC tokens. The incident was officially recorded and confirmed on April 1, 2025, by blockchain security company Cyvers, which identified suspicious activity involving 18.4 million UPC tokens , estimating the total amount of stolen funds at $70 million 1 2 3 .

Details of the attack

According to Cyvers, the attacker gained unauthorized access to the UPCX address and updated the associated ProxyAdmin contract , an administrative module that controls access and operations to the contract. The attacker then executed the withdrawByAdmin function , which allows administrators to withdraw funds from specific accounts. This allowed funds to be transferred from three different UPCX management accounts. At the time of publication, the stolen tokens remain in the attacker’s wallet and have not been exchanged for other crypto assets or fiat 1 2 5 7 .

The UPCX team acknowledged the unauthorized activity and suspended deposits and withdrawals on the platform to minimize further potential losses and ensure the safety of users. The company representatives assured that the assets of ordinary users were not affected by the incident and an active investigation is underway 1 2 5 6 .

Impact on UPC token price

The news of the hack caused the UPC token to fall in value on cryptocurrency exchanges. According to CoinGecko and CoinMarketCap, the token price fell by 7% — from a high of about $4.06 to a low of $3.77 at the time of the incident, after which it partially recovered to about $3.83–$3.97, according to various sources. The token’s market capitalization amid the crisis is estimated at more than $340 million 1 3 5 6 .

Technical aspect and reasons for the attack

Cyvers co-founder and CTO Meir Dolev noted that while the root cause of the attack is still under investigation, the incident reflects common attack patterns in the Web3 industry in 2024-2025 . The main reasons for such hacks are:

• Compromise of administrator or employee credentials;
• Lack of robust access control and rights management mechanisms;
• Vulnerabilities in the implementation of multi-signatures and transaction verification procedures.

Dolev emphasized that such vulnerabilities were the main reason for more than 80% of cryptocurrency project losses this year. The UPCX hack follows a pattern of attacks in which attackers gain access to critical administrative roles, through which they launch malicious smart contract updates and withdraw funds. The incident once again emphasizes the need to strengthen security, especially in terms of access rights restrictions and mandatory verification of transactions 1 5 7 .

Scale and consequences

The $70 million in UPC tokens stolen is more than double the total losses in the cryptocurrency industry in March 2025 ($33 million), making it one of the largest hacks of the year. UPCX is a relatively new payment platform focused on Southeast Asian markets, powered by the Ethereum network and smart contracts. The incident has called into question not only the security of the assets themselves, but also the sustainability of the ecosystem, as most of the UPC tokens are concentrated in the hands of a few large wallets, including founder and team accounts 1 3 7 8 .

Results and recommendations

The UPCX hack serves as a reminder of the high importance of cybersecurity in the crypto space. Successful execution of malicious actions through administrative functions and insufficient access control demonstrate the weaknesses of many Web3 projects. Experts insist on conducting comprehensive security audits, using multi-signatures, mandatory verification of each transaction and strict credential management to minimize the risk of such incidents happening again 1 5 6 7 .

Thus, the UPCX incident confirms that even modern and developing platforms remain vulnerable to complex cyberattacks, which requires constant work to improve protection mechanisms and prompt response when threats are identified.

User assets were not affected by the hack of the UPCX payment platform because the attack targeted the platform’s administrative accounts and management contracts, not user wallets. According to UPCX, the hack affected management accounts and changed administrative rights, which allowed the attacker to withdraw funds from three management accounts. However, regular user assets, which are stored separately and protected by other security mechanisms, were not affected by the incident. In response to the attack, the platform suspended deposits and withdrawals to prevent further losses and is actively investigating what happened [source from previous conversation].

This separation of management and user assets is a common practice in crypto platforms to minimize the risk of customer losses when administrative subsystems are hacked. Similar scenarios occur in other major attacks, where the hack affects internal management systems but does not directly affect user funds due to isolation and additional controls, such as multi-signatures and multi-level access control. This allows platforms to remain solvent and protect users despite major incidents 1 5 .

Thus, thanks to the UPCX security architecture and the team’s prompt actions, user assets remained safe despite a large-scale compromise of administrative rights and the withdrawal of large sums from management accounts.

Let’s look at a selection of articles about major hacks of cryptocurrency platforms in 2025, similar in scale and nature to the UPCX incident:

1. “Hackers stole $2 billion from crypto services in 2025” — RBC
   In the first half of 2025, more than $2.1 billion was stolen as a result of about 75 hacks, including the largest in the history of the Bybit crypto exchange for $1.5 billion. The attacks are often associated with the compromise of administrative rights and complex geopolitical motivations. Read more
2. “Crypto Hacks in June 2025: $111.6M, Nobitex” — Phemex
   In June 2025, there were about 15 major crypto hacks with total losses of over $111 million. The largest attack was on the Iranian exchange Nobitex with $82 million stolen. Read more
3. “Hacken: Cryptocurrency Hack Losses Exceed $3.1 Billion in 2025”
   Hacken analysts report growing losses in the crypto industry, primarily due to access control vulnerabilities and smart contract bugs. Administrative role hacks remain the leading cause of fund leaks. Read more
4. “Cryptocurrency Thefts in 2025: How Wallets Are Hacked and What to Do” — DTF
   An overview of the main methods of hacker attacks on crypto wallets and exchanges in 2025, as well as recommendations for protecting assets and preventing losses. Read more
5. “North Korean hackers stole a record $1.5 billion from Bybit” – Incrussia
   A breakdown of the largest Bybit hack linked to the North Korean Lazarus group, focusing on the consequences and measures to protect customers. Read more

These articles cover general trends and specific examples of major crypto breaches, demonstrating typical attack patterns — administrative access compromise, smart contract vulnerabilities, and social engineering — to help you better understand the causes and methods of protecting against such incidents.

In the first half of 2025, the crypto industry saw an unprecedented rise in digital asset thefts, with hackers siphoning off over $2.1 billion in around 75 major hacks and exploits, the most ever in cryptocurrency history 6 . Both centralized crypto exchanges and decentralized protocols were the main victims of the attacks, with attackers often exploiting compromised administrative privileges and infrastructure vulnerabilities.

The most significant incident was the attack on crypto exchange Bybit in February 2025, when malicious actors allegedly linked to the North Korean group Lazarus withdrew a record $1.5 billion 6 7 . Despite the damage, Bybit management stated that client assets were fully covered by reserves and promised compensation to victims, which sparked a lively discussion in the crypto community about the reliability and security of exchanges.

In June 2025, a series of large-scale hacks were recorded, with losses exceeding $111 million . The largest attack was on the Iranian exchange Nobitex , where attackers stole approximately $82 million [User Information]. Beyond exchange platforms, vulnerabilities in smart contracts and blockchain infrastructure have led to significant losses, as noted by security analysts including the firm Hacken , which recorded losses of over $3.1 billion in 2025, primarily due to access control flaws and smart contract implementation errors [User Information].

Attacks on crypto wallets and platforms continue, using social engineering, key compromise, and multi-factor authentication flaws. The DTF publication’s overview details the main hacking methods and provides recommendations for protecting digital assets and preventing losses.

The pattern of the largest attacks is linked to the North Korean hacker group Lazarus, responsible for large-scale cryptocurrency thefts worth tens of billions of dollars in recent years. The Bybit hack was the largest and most visible example of their activities in 2025 7 8 .

Thus, the first six months of 2025 are characterized by record thefts in the crypto industry, demonstrating the high degree of vulnerability of even leading infrastructures and the need for enhanced security measures, including strong key management, access control, the use of multi-signatures and regular security audits.

What are the features of the Nobitex exchange hack and why it became a target for hackers

The specifics of the Nobitex crypto exchange hack and the reasons why it became a target for hackers are as follows:

1. Political and Geopolitical Motivation for the Attack
   The hack of Nobitex was not just a theft of funds – the hacker group Gonjeshke Darande (a pro-Israeli cyber group) claimed responsibility, saying that the attack was “revenge” and aimed at the use of the platform to circumvent international sanctions against Iran. The exchange was accused of collaborating with the Iranian regime and using it to finance sanctions schemes and even terrorism. This makes the hack more likely part of a wider political and cyber conflict between Israel and Iran 1 3 4 .
2. Scale and vulnerability of infrastructure
   Nobitex is the largest crypto exchange in Iran, with a turnover of over $11 billion and over 11 million users. It serves a significant portion of crypto transactions in the country, including government and commercial transactions. This has made it a strategic target for cyberattacks, especially given Iran’s dire sanctions situation, which makes cryptocurrency exchanges key to the economy and sanctions evasion 3 5 .
3. Technical details of the attack
   On the night of June 15, 2025, hackers gained access to the exchange’s “hot wallets” and withdrew assets worth about $82 million in various cryptocurrencies – BTC, ETH, Tron and EVM-based tokens. According to preliminary findings of the investigation, the hack was carefully planned, using vulnerabilities in the exchange’s API and/or compromised employees. Dozens of addresses and crypto mixers were used to hide traces. After the attack, the exchange froze withdrawals and suspended trading for security checks 2 5 .
4. Consequences and extent of damage
   More than 10,000 users lost access to their assets. The hackers also published or threatened to publish the source code and internal data of the exchange, which puts the remaining funds and the security of the infrastructure at risk. In addition to financial losses, the incident significantly affected the trust in the platform and the entire Iranian crypto market 5 6 8 .
5. Impact on the region and the crypto ecosystem
   The attack has raised concerns among regulators and users in Iran and the Middle East region, increasing licensing requirements and oversight of crypto platforms. Nobitex’s connections to other crypto operators in the region, such as Bitpapa and Garantex, have also attracted the attention of regulators. The incident demonstrates how cryptocurrency infrastructures can become a target for geopolitical struggle and cyberwarfare 1 3 .

Ultimately, Nobitex was targeted due to its key role in evading sanctions and funding the Iranian regime, as well as its large infrastructure and vulnerabilities, which together made the platform an important and vulnerable target for politically motivated cyberattacks 1 3 4 .

How North Korean Lazarus Groups Organize the Biggest Crypto Exchange Heists

The North Korean hacker group Lazarus, allegedly operating with the support of the DPRK government, organizes the largest thefts from crypto exchanges using complex, coordinated and multi-stage cyber operations. The main features and methods of their work include:

• Government Support and Centralized Control: Lazarus operates as part of the KPA General Staff Intelligence Agency, particularly through Unit 180, which is tasked with stealing money from abroad. This allows it to have resources, expertise, and strategic control over government funding programs, including nuclear ones.
• Focus on cryptocurrency as a source of funding: Theft of cryptocurrency has become one of Lazarus’ main sources of income, with the theft of crypto assets worth between $1.75 billion and $6 billion, according to various estimates, over the past few years. These funds are used to finance North Korea’s weapons and military programs.
• Leveraging modern vulnerabilities and skills: Lazarus uses zero-day vulnerabilities, sophisticated malware, phishing attacks, social engineering, and administrative privilege compromise to gain access to crypto exchange hot wallets and asset management infrastructure.
• Meticulous planning and shadowy operations: Lazarus attacks are typically meticulously planned, with a series of stages including gaining access through internal vulnerabilities or insiders, then quietly moving funds through multiple transfers and mixers to hide their tracks.
• Cashing out stolen crypto assets: Despite large-scale hacks (such as $1.5 billion at crypto exchange Bybit), hackers are successfully converting some of the funds into cash or other assets – at least $300 million has already been cashed out, indicating a high organizational network outside the blockchain.
• Targeted attacks on large exchanges and financial institutions: Lazarus prefers to hack large crypto exchanges and financial platforms, where it is possible to steal significant amounts at once, which allows for a significant increase in government revenues without traditional economic restrictions.
• Constantly evolving and adapting tactics: As security measures tighten, Lazarus adapts its methods, using more discreet and rapid operations and combining technical and social engineering attacks.

Thus, Lazarus is a well-organized, state-motivated and technologically advanced group that turns cybercrime into a strategic tool to finance North Korea by systematically hacking cryptocurrency platforms, causing widespread damage to the global crypto community 1 2 3 4 5 .

How Lazarus Covers Up Its Exchange Cyber Hacks

The Lazarus group disguises the traces of its cyber hacks on crypto exchanges using complex and multi-layered methods, including:

• Multiple transfers across multiple wallets: Once funds have been stolen, the attackers break the stolen assets into thousands of smaller transactions, moving them across hundreds or even thousands of different wallets. For example, when the Bybit exchange was hacked, it was found that 83% of the stolen ETH was converted to BTC using around 6,954 wallets, making it much more difficult to track and consolidate the stolen funds 1 .
• Use of decentralized exchanges and mixers: To further obscure the origin of the stolen assets, Lazarus uses decentralized exchanges such as THORChain, as well as crypto mixers – services that mix transactions from different users, making it virtually impossible to trace the path of funds through the blockchain 1 .
• Technical tricks in malware distribution: Complex malware is used to penetrate exchange systems, including backdoors (for example, Fallchill), which are hidden under the guise of legitimate software (for example, trading applications with valid digital certificates) and are technically difficult to detect. Such software allows not only to gain access to the system, but also to mask its activities, remove traces, and download additional tools without suspicion 2 .
• Fake Updates and Use of Fake Domains: Lazarus uses fake companies and sites with valid certificates to distribute malware under the guise of official updates, which increases trust and obscures the real source of the attack 2 .
• Cryptocurrency proxy services: To convert and withdraw stolen funds, attackers use proxy services and over-the-counter (OTC) trading platforms, as well as P2P platforms, which allows them to avoid the control of centralized exchanges and complicate the task of law enforcement agencies to detect them 1 .
• Active and rapid movement of assets: Within a short time after an attack, Lazarus tries to completely clear wallets with stolen funds, which prevents transactions from being blocked and the stolen funds from being returned 1 .
• Use of complex transaction networks and multi-asset networks: To hide traces of money laundering, Lazarus uses complex schemes with several different assets and transactions across different blockchains, which creates an additional layer of confusion 6 .

These techniques combined make Lazarus’ operations extremely stealthy and difficult to track, requiring law enforcement and intelligence organizations to use advanced cybersecurity technology and collaboration.

Final conclusion on modern threats and vulnerabilities of the crypto industry in 2025

2025 has confirmed and significantly strengthened the trend of growing large-scale thefts in the crypto space, demonstrating how vulnerable the infrastructure of even the largest and most technologically advanced platforms remains. In the first half of this year, more than 75 major hacks and exploits were recorded, leading to the loss of assets worth over $2.1 billion . Among them, the attack on the Bybit crypto exchange for a record $1.5 billion stands out , carried out, according to analysts, by the Lazarus group , which is associated with the state structures of North Korea.

These events reveal key vulnerabilities and problems in the modern crypto ecosystem. The main causes of losses are compromised administrative rights, weak access management, and insufficiently reliable implementation of control mechanisms – in particular, multi-signatures and strict transaction verification. Hacks are often accompanied not only by technical loopholes and exploitation of vulnerabilities in smart contracts, but also by social engineering, phishing, and insider interference.

Particularly indicative was the attack on the Iranian exchange Nobitex, which resulted in the theft of $82 million , which goes beyond the scope of ordinary cybercrime, acquiring a political and geopolitical context – in this case, the attack was part of a conflict with international sanctions and the influence of regional cyber groups. This highlights that the crypto industry is increasingly becoming an arena for not only economic, but also geopolitical clashes.

The Lazarus group demonstrates a sophisticated and multi-layered approach to cryptocurrency theft, using state support, professional malware, sophisticated cloaking techniques, multiple transfers across thousands of wallets, and decentralized mixing services. Not only are their operations large in size, but they are also highly organized and constantly evolving their tactics.

At the same time, large platforms like UPCX demonstrate that, thanks to a competent architecture of user asset separation and rapid response to incidents, it is possible to minimize damage to end customers, even in the case of serious breaches of administrative systems. Nevertheless, such breaches highlight the need for continuous improvement of security tools – comprehensive security audits, reliable access management by administrators, multi-factor authentication, multi-signatures, and thorough verification of all transactions.

Overall, 2025 has become a troubling reminder that cryptocurrency platforms remain at high risk, both due to technical vulnerabilities and the growing activity of well-funded, professionally organized hacker groups with state ties. This situation requires market participants, technologists, and regulators to strengthen cybersecurity measures, collaborate on information sharing, and develop effective asset protection strategies.

Only a comprehensive and preventive approach, combining technological innovation and legal measures, can reduce the scale of losses and increase user confidence in digital financial systems in the era of rapid development of Web3 and decentralized finance.

Sources:
1 Lazarus laundered a billion dollars from the Bybit exchange in two weeks — itsec.ru
2 APT Lazarus hacked a crypto exchange using trading software — kaspersky.ru
6 Russian hackers / TRM Labs investigation — tadviser.ru

1. https://www.itsec.ru/news/lazarus-otmila-milliard-dollarov-birzhi-bybit-za-dve-nedeli
2. https://www.kaspersky.ru/blog/lazarus-crypto-exchange-attack/21134/
3. https://www.kaspersky.ru/blog/how-to-play-tanks-and-catch-backdoor/38498/
4. https://securitymedia.org/news/list/
5. https://www.bbc.com/russian/articles/cvgd1nyk39ro
6. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B5_%D1%85%D0%B0%D0%BA%D0%B5%D1%80%D1%8B
7. https://cisoclub.ru/ataki-lazarus-mastera-kiberprestuplenij-na-strazhe-kriptovaljut/
8. https://newsletter.radensa.ru/wp-content/uploads/2024/07/%D0%9A%D0%B8%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8 C_%D0%B3%D0%BB%D0%B0%D0%B2%D0%BD%D1%8B%D0%B5_%D0%BF%D1%80%D0%B8%D0%BD%D1%86%D0% B8%D0%BF%D1%8B_%D0%A0%D0%B8%D0%BA_%D0%A5%D0%BE%D0%B2%D0%B0%D1%80%D0%B4_2024.pdf

1. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D0%B8%D0%B1%D0%B5%D1%80%D0%BF%D1%80%D0%B5%D1%81%D1%82%D1%83%D0%BF%D0 %BD%D0%BE%D1%81%D1%82%D1%8C_%D0%B8_%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%BA%D 0%BE%D0%BD%D1%84%D0%BB%D0%B8%D0%BA%D1%82%D1%8B_:_%D0%9A%D0%9D%D0%94%D0%A0
2. https://www.bbc.com/russian/articles/cvgd1nyk39ro
3. https://www.cnews.ru/book/Lazarus_-_%D0%A5%D0%B0%D0%BA%D0%B5%D1%80%D1%81%D0%BA%D0%B0%D1%8F_%D0%B3%D1%80%D1%83%D0%BF%D0%BF%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0_-_BlueNorOff_-_Andariel
4. https://www.youtube.com/watch?v=ct2p-y2t02E
5. https://meduza.io/feature/2025/02/26/hakery-iz-kndr-ukrali-pochti-poltora-milliarda-dollarov-u-kriptobirzhi-bybit-sudya-po-vsemu-eto-krupneyshee-ograblenie-v-istorii
6. https://www.rbc.ru/crypto/news/64e5eb439a7947afc98523d6
7. https://www.bbc.com/russian/articles/c93kx6dd6elo
8. https://habr.com/ru/companies/ddosguard/articles/888908/
9. https://www.binance.com/ru/square/post/22443774717665
10. https://www.itsec.ru/news/spustia-5-let-raskriti-podrobnosti-krupnoy-krazhi-sredstv-s-birzhi-upbit

1. https://www.moneytimes.ru/news/nobitex-hack-investigation/69994/
2. https://vc.ru/crypto/2054082-vzlom-kryptobirzhi-nobitex-ukradeno-82-mln
3. https://ru.beincrypto.com/po-sledam-nobitex/
4. https://www.rbc.ru/crypto/news/685271419a79475ca3cea73e
5. https://ru.beincrypto.com/nobitex-iran-vzlom/
6. https://24tv.ua/tech/ru/iranskaja-kriptobirzha-nobitex-postradala-ot-massovogo-vzloma-hakery-pohitili-milliony-tehno_n2850256
7. https://forklog.com/news/analitiki-svyazali-vzlom-nobitex-s-arestom-agentov-irana
8. https://forklog.com/news/hakery-raskryli-ishodnyj-kod-iranskoj-birzhi-nobitex
9. https://ru.investing.com/news/cryptocurrency-news/article-2812502
10. https://securitymedia.org/news/list/

1. https://www.kaspersky.ru/resource-center/threats/crypto-exchange-hacks
2. https://vk.com/wall-164891737_5090
3. https://www.strategium.ru/forum/topic/115187-%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D1%8B-2025-%D1%80%D0%B5%D0%BA%D0%BE%D1%80%D0%B4%D0%BD%D1%8B%D0%B5-%D0%BA%D1%80%D0%B0%D0%B6%D0%B8-%D0%B8-%D1%80%D0%B8%D1%81%D0%BA%D0%B8-cex
4. https://bitstat.top/coins_top.php
5. https://www.block-chain24.com/news/novosti-bezopasnosti/peckshield-vzlomy-kriptovalyut-dostigli-16-mlrd-v-pervom-kvartale-2025
6. https://ru.beincrypto.com/rekord-krazh-kriptovalyuty-2025/
7. https://incrussia.ru/understand/top-crypto-hacks/
8. https://coinmarketcap.com/academy/ru/article/largest-crypto-heists-in-history-have-exchanges-learned-anything-from-their-mistakes
9. https://iz.ru/1843878/natala-ilina/birzi-karman-k-cemu-privedet-krupneisii-kriptovzlom-na-1-mlrd
10. https://miningmoon.ru/blog-getasic/samye-dorogie-kriptovalyuty-v-2024-2025-godah-polnyj-spisok-i-analiz/

1. https://www.rbc.ru/crypto/news/685ea64c9a7947de65e03d13
2. https://phemex.com/ru/news/article/crypto-hacks-in-june-2025-result-in-1116m-losses-led-by-nobitex-breach_11576
3. https://www.block-chain24.com/news/novosti-bezopasnosti/hacken-ubytki-ot-vzlomov-kriptovalyutnyh-sistem-prevysili-31-mlrd-v-2025
4. https://dtf.ru/howto/3863400-krazhi-kriptovaljut-v-2025-godu
5. https://ru.tradingview.com/news/rbc_crypto:ec6d0755567b8:0/
6. https://incrussia.ru/understand/top-crypto-hacks/
7. https://musavat.ru/ru/news/hakery-ukrali-2-mlrd-dollarov-iz-kriptoservisov-v-2025-godu-kto-stoit-za-atakami_1180244.html
8. https://bithide.io/blog/ru/crypto-exchange-hack-coinbase-2025/
9. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
10. https://overclockers.ru/blog/Apple/show/231394/Hakery-ukrali-kriptovaljutu-na-2-1-mlrd-s-nachala-2025-goda

1. https://vc.ru/crypto/2113314-pochemu-kriptovalyuty-ne-stali-massovymi-instrumentami
2. https://tj.ru/news/bybit-hack/
3. https://sergeytereshkin.ru/publications/vzlom-koshelka-bybit-chto-sluchilos-i-kak-zashchitit-svoi-aktivy
4. https://www.bbc.com/russian/articles/c62z7p05ljpo
5. https://rg.ru/2025/02/26/legkie-dengi.html
6. https://cisoclub.ru/birzha-bybit-stolknulsja-s-krupnejshim-v-istorii-hakerskim-vzlomom-minus-1-4-mlrd/
7. https://incrussia.ru/understand/top-crypto-hacks/
8. https://www.rbc.ru/crypto/news/610ce4f59a794706b6750380
9. https://www.mn.ru/smart/krupnejshee-ograblenie-v-istorii-kripty-kto-stoit-za-vzlomom-bybit
10. https://www.garant.ru/article/1150927/

1. https://www.block-chain24.com/news/novosti-bezopasnosti/haker-vyvel-70-mln-s-platezhnoy-platformy-upcx
2. https://forklog.com/news/upcx-ostanovila-operatsii-posle-nesanktsionirovannogo-vyvoda-70-mln
3. https://minfin.com.ua/2025/04/02/148234278/
4. https://www.binance.com/ru/square/post/22365205685697
5. https://incrypted.com/upcx-plate-platform-lost-70-mln-as-a-result-of-a-hack/
6. https://finway.com.ua/ru/upcx-poterya-mln-vzlom-platformy/
7. https://finance.yahoo.com/news/hacker-steals-70-million-upc-214926542.html
8. https://coinmarketcap.com/academy/article/hacker-steals-dollar70-million-in-upc-tokens-after-gaining-control-of-upcx-smart-contract
9. https://cisoclub.ru/hakery-ukrali-u-upcx-kriptoaktivov-na-74-mln-dollarov-vse-operacii-priostanovleny/
10. https://news.bitcoin.com/ru/upcx-zaveryaet-polzovateley-posle-nesanktsionirovannogo-perenosa-18-4-mln-tokenov/