An exploit in the Cardex application, a game on the Ethereum Layer-2 network Abstract, has led to the unauthorized withdrawal of approximately $470,000 worth of Ethereum, or 180 ETH, from 9,000 wallets over the course of 7 hours. The breach was due to Cardex's mishandling of private keys, specifically a session key that was exposed in the game's frontend code. Users who had interacted with Cardex were advised to revoke their session permissions to prevent further unauthorized access. The exploit was isolated to Cardex and did not affect the broader Abstract network or its Global Wallet (AGW) contracts. Abstract's security team confirmed the issue stemmed from Cardex's operational security failure, not a vulnerability in the Abstract network itself. The attack has prompted discussions on the security measures of apps within the Abstract ecosystem.
CARDEX HACK DRAINS $400K FROM 9,000 WALLETS IN SESSION KEY EXPLOIT
Cardex, a game on Abstract’s Layer 2 network, suffered a security breach that compromised $400,000 in ETH from 9,000 wallets. Hackers exploited a leaked session key from Cardex’s frontend code, enabling… https://t.co/pGw4QC10D1
[THE BLOCK] Cardex exploit compromised $400,000 worth of ether across 9,000 wallets: Abstract https://t.co/hpQU4DE2Si
Cardex exploit compromised $400,000 worth of ether across 9,000 wallets: Abstract https://t.co/oY47khvmsE