[IMPORTANT NOTICE] Security Incident Involving Unauthorized Transactions

We would like to inform you of a security incident involving unauthorized transactions from wallets managed by AI AVATAR and its affiliates (collectively, the “Company”).

Incident Overview

On March 25, 2026, at approximately 20:30 (GMT+7), multiple unauthorized ETH transactions were executed from wallets under the Company’s management. The issue was detected at approximately 23:00 (GMT+7) through system monitoring alerts.

Impact

• Customer Assets: 1,370.111 ETH
• Company Assets: 62.776 ETH
• Total: 1,432.887 ETH (approximately USD 3.1 million)

Current Status

• All withdrawal functions have been immediately suspended.
• All related access credentials and authorization tokens have been revoked and reset.
• The Company is working closely with external security experts and relevant partners to investigate the root cause and assess the full scope of the impact.

Cause of Incident

At this stage, the root cause has not been conclusively determined. The Company is conducting a comprehensive investigation into the circumstances surrounding the unauthorized transactions. Further updates will be provided as soon as more information becomes available.

Customer Asset Protection

The security and protection of customer assets are the Company’s highest priorities. The Company takes this incident with the utmost seriousness and is currently assessing the impact in detail. The Company is committed to taking all necessary measures to protect customer assets, including exploring appropriate compensation measures.

At this time, the incident is confirmed to be limited to specific wallet functions and has no identified impact on other services, including our AI-related services.

Remediation and Prevention Measures

The Company has initiated the following actions:

• Comprehensive review and redesign of withdrawal and approval processes 
• Strengthening of security architecture with multi-layered controls 
• Engagement of external security experts for independent audits 

Next Steps

The Company will continue to provide timely updates as the investigation progresses. 

We sincerely apologize for the concern and inconvenience caused. The Company remains fully committed to safeguarding users’ assets and maintaining trust through responsible and transparent actions.

Sincerely,
AI AVATAR.

—------------------------------------------

Q&A

Q1. What happened? A. The Company identified unauthorized ETH transactions from wallets under its management. 

Q2. Was this a hack? A. The root cause has not yet been determined. The Company is conducting a comprehensive investigation into the circumstances surrounding the unauthorized transactions. 

Q3. What is the total loss? A. The total estimated loss is approximately 1,432 ETH (approximately USD 3.1 million based on current market prices). 

Q4. Are customer funds affected? A. Yes. A significant portion of the affected assets relates to customer funds. The Company is currently assessing the full impact. 

Q5. Will customers be compensated? A. The Company takes full responsibility for the seriousness of this incident. Protecting customer assets is its highest priority, and the Company is actively evaluating appropriate measures, including compensation. 

Q6. When will compensation be provided? A. The details and timeline are currently under review. The Company will provide updates as soon as they are finalized. 

Q7. What caused the incident? A. The root cause has not yet been determined. A comprehensive investigation is ongoing. 

Q8. Was there any internal involvement? A. The Company is investigating all possibilities and will disclose verified findings transparently. 

Q9. What actions have been taken so far? A. Immediate actions include:

• Suspension of all withdrawals 

• Revocation and reset of credentials 

• Ongoing investigation with internal teams and external experts 

Q10. What measures are being taken to prevent recurrence? A. The Company is implementing a full redesign of withdrawal processes, enhanced multi-layered security controls, and independent third-party audits. 

Q11. Is the Company working with its service providers on this matter? A. The Company is working closely with all relevant partners as part of the investigation. Responsibility will be determined based on verified findings. 

Q12. When will services resume? A. Services will resume in phases only after sufficient security measures are in place. 

Q13. Is it safe to continue using your service? A. The Company is implementing significant security enhancements to ensure a safer environment moving forward. 

Q14. Why wasn’t this detected earlier? A. The issue was detected through system monitoring alerts. The Company is strengthening its monitoring and detection systems as part of its response. 

Q15. Is the company financially stable? A. The Company has sufficient resources to manage this situation responsibly and to take necessary actions to protect customer assets.