Unibright said a recovery key for one of its company HD wallets was exposed, enabling unauthorized access to token lock contracts tied to that wallet. The attacker called transfer functions on the lock contracts and moved 1.93 million locked UBT, along with tokens from a personal wallet previously distributed to team members. The project said no other assets appeared harmed at the time, but the moved tokens were expected to reach the open market. Unibright framed the incident as a custody failure and said it was preparing a professional custody integration to replace the token lock contract model.