Chimpers’ Card App was taken fully offline after a security incident, according to a public notice posted by insight.chimp, @NFT1nsight, on May 28, 2026. The post told users that the team had identified an issue affecting the Card App and urged them to revoke active approvals as a precaution.
Heads up, earlier today we identified a security incident affecting the Chimpers Card App.
As a precautionary measure, we have:
• taken the Card App fully offline
• begun a full audit and investigationA small number of users who signed transactions through the Card App…
— insight.chimp (@NFT1nsight) May 28, 2026
Users Told to Revoke Active Approvals
The mitigation guidance centered on limiting wallet exposure while the review continues. The notice instructed users to revoke any active approvals connected to the Card App, verify account email addresses, avoid blind-signing transactions and rely only on official communication channels for further updates.
The affected product should be identified narrowly as the Chimpers Collectible Card App. Chimpers’ own user guide describes the app as a platform for opening packs, viewing collections and using its marketplace, while its terms say cards are NFTs on the Base Network and that a Base-supported wallet is used for app activity.
That product context does not identify the vulnerable component. No attack vector, compromised contract address, affected approval target, loss figure or exploited wallet flow has been confirmed in the public sources reviewed. The app suspension and approval-revocation instruction are confirmed; the technical cause and financial impact remain undisclosed.
Postmortem and Contract Details Remain Pending
The approval warning is relevant because token approvals can remain active after a user stops using a dapp. Revoking approvals is a standard containment step, but it does not prove that the Chimpers incident was caused by an approval exploit or a compromised contract.
As of the reviewed sources, Chimpers had not published a technical postmortem, a list of specific approvals to revoke, compromised contract addresses or a restoration timeline. Any statement about stolen funds, exploit mechanics or affected contracts should therefore remain qualified until the team releases a formal update.
The clean editorial framing is that Chimpers founder Insight.Chimp said the Card App was taken offline after a security incident and told users to revoke active approvals. The scope, vector, losses and contract-level exposure remain unconfirmed pending a postmortem or a more detailed notice from Chimpers’ primary channels.