[IMPORTANT NOTICE] Security Incident Involving Unauthorized Transactions

AI Avatar Pte. Ltd. and its affiliates (collectively, "AI Avatar" or the "Company," and where the context so requires, "we," "us," or "our") hereby issue the following notice in connection with a serious incident involving potentially unauthorized transfers from certain wallets under the Company's management.

1. OVERVIEW

At approximately 20:30 on March 25, 2026 (GMT+7), the Company identified that multiple unauthorized ETH transfers had been executed from wallets under its management. The incident was subsequently detected at approximately 23:00 on the same date (GMT+7) via automated system monitoring alerts.

2. IMPACT

The following assets have been confirmed as affected as of the date of this notice:

• Company assets: 1,432.887 ETH (approximately USD 3.1 million equivalent). 

3. IMMEDIATE RESPONSE MEASURES

Upon detection of the incident, the Company promptly implemented the following measures:

• Suspension of all withdrawal functions;
• Invalidation and reset of all relevant credentials and access rights; and
• Engagement of external cybersecurity specialists and relevant authorities to investigate the cause and full scope of the incident.

4. CAUSE

The cause of the incident has not yet been definitively determined. The Company's investigation is currently examining all possible vectors, including unauthorized external access and potential internal misuse of access privileges. The Company will report its findings promptly upon confirmation.

5. IMPACT ON CUSTOMERS

While the Company recognizes that this is a serious incident, its financial position is robust and its ability to meet payment obligations to customers and to continue service delivery remains unaffected. The Company does not hold customer assets in custody. All payment obligations owed to customers will continue to be discharged in the ordinary course once robust security controls have been fully restored.

6. PREVENTIVE MEASURES

The Company is actively implementing the following remedial and preventive measures:

• A comprehensive review of all withdrawal and transaction approval processes;
• Strengthening of multi-layered security controls across all systems; and
• Engagement of an independent external specialist firm to conduct a comprehensive security audit.

7. FINANCIAL POSITION

While the Company recognizes the severity of this incident, it maintains a stable financial foundation and there is no disruption to business continuity. The Company has secured sufficient organizational resources and financial capacity to address this incident and to continue the provision of services to its customers.

8. IMPACT ON OTHER SERVICES

This incident is limited to specific wallet-related functions. As of the date of this notice, no adverse impact has been identified with respect to any other services provided by the Company, including its AI-related services.

9. FURTHER UPDATES

The Company will provide timely updates regarding the progress of its investigation and response measures as further information becomes available.

The Company sincerely apologizes for the serious concern and inconvenience this incident has caused its customers. We take this matter with the utmost gravity and remain committed to responding with full accountability and transparency at every stage of this process.

FREQUENTLY ASKED QUESTIONS 

Unauthorized Transfer of Digital Assets 

March 26, 2026

Q1. What happened? 

The Company confirmed that multiple unauthorized ETH transfers were executed from wallets under its management on March 25, 2026.

Q2. Was the Company hacked? 

The cause of the incident has not yet been determined. The Company's investigation is examining both unauthorized external access and the possibility of internal misuse of access privileges. No hypothesis is being excluded at this stage.

Q3. What is the total financial damage? 

The total amount confirmed as affected at this time is approximately 1,432 ETH (approximately USD 3.1 million equivalent).

Q4. Are customer assets affected? 

The Company does not hold customer assets in custody. All payment obligations owed to customers will continue to be met in the ordinary course once the Company's robust security controls have been fully restored.

Q5. What is the root cause? 

A detailed investigation is currently underway from both technical and operational perspectives. The Company will issue a further report upon confirmation of its findings.

Q6. Is there any internal involvement? 

The Company is not excluding any possibility, including the potential internal misuse of access privileges. The investigation is being conducted comprehensively and without prejudgment. The Company will report its findings transparently and solely on the basis of confirmed facts.

Q7. What steps has the Company taken so far?

• Suspension of all withdrawal functions;
• Invalidation and reset of all relevant credentials and access rights; and
• Commencement of a coordinated investigation with external cybersecurity specialists.

Q8. What preventive measures are being implemented? 

The Company is pursuing a comprehensive review of its withdrawal and approval processes, strengthening of security controls, and the engagement of an independent external security audit.

Q9. What is happening with the relevant service providers? 

The Company is working in coordination with all relevant parties as part of its investigation and will appropriately assess and address questions of responsibility as findings are established.

Q10. When will services resume? 

Services will be resumed on a phased basis once sufficient confirmation of operational safety has been established.

Q11. Is it safe to continue using Company services? 

In response to this incident, the Company is undertaking a fundamental overhaul of its security posture with the objective of building a safer and more resilient service environment for all customers.

Q12. Why was the incident not detected sooner? 

The incident was detected through the Company's automated system monitoring alerts. The Company is also reviewing and strengthening its detection protocols as part of its overall incident response.

Q13. Is the Company financially sound? 

Yes. The Company maintains a stable financial foundation and this incident does not present an immediate risk to its business operations. The Company has secured the financial resources and organizational capacity necessary to address this incident and to prevent recurrence.

Q14. Are the Company's other services affected? 

This incident is limited to specific wallet-related functions. As of the date of this notice, no adverse impact has been identified with respect to the Company's other services, including its AI-related services.