According to the official report of the two-layer network Abstract, its ecosystem application Cardex suffered a security bugs attack. The cause of the incident was that the Cardex team accidentally exposed the private key of the session signer on the front end of its website after completing a preliminary security audit. The vulnerability allowed the attacker to initiate transactions on any wallet that had authorized the session key, causing about $400,000 in token losses. Abstract said that the vulnerability is limited to the third-party app Cardex and does not affect the Abstract Global Wallet (AGW) or the Abstract network itself. Users are advised to periodically revoke the authorization of applications and tokens in the wallet to protect against latent risks.