Centralized Control’s Cost: UXLINK’s $11M Breach Exposes Multisig’s Hidden Risks

Generated by AI Agent Coin World
Wednesday, Sep 24, 2025 5:39 am ET | 1 min read

Summary

- UXLINK's multisig wallet was hacked via a delegateCall vulnerability, enabling unauthorized minting of 10 trillion tokens and draining $11.3M in assets.

- The attack caused UXLINK's token price to drop 70% and exposed centralized governance risks in Ethereum-based multisig systems.

- UXLINK responded by freezing suspicious transactions, planning a token swap, and developing a fixed-supply smart contract to restore ecosystem stability.

- The incident highlights critical vulnerabilities in centralized multisig wallets, sparking debates about decentralized governance and audit requirements for blockchain protocols.

UXLINK, a project positioned as a Web3 social platform, has suffered a significant security breach that has exposed vulnerabilities in its multi-signature (multisig) wallet system and raised concerns about centralization risks in Ethereum-based smart contracts. The incident, which occurred on September 22, 2025, involved an attacker exploiting a delegateCall vulnerability to seize administrative control of the wallet. This allowed the hacker to mint approximately 10 trillion UXLINK tokens, far exceeding the project’s circulating supply, and drain $11.3 million in assets, including stablecoins, ETH, and WBTC (The Block, [1]). The unauthorized minting caused the token price to plummet by over 70%, from $0.30 to $0.09, erasing nearly $70 million in market capitalization within hours (CoinPedia, [3]).

The exploit leveraged a critical flaw in the multisig wallet’s governance structure, enabling the attacker to remove existing administrators, add a new owner, and execute large-scale token sales on decentralized exchanges (DEXs). Onchain analytics revealed that the hacker converted stolen UXLINK tokens into 6,732 ETH, valued at $28.1 million, through six wallets. Despite the rapid cash-out, most of the hacker’s assets were frozen by exchanges, mitigating further losses (The Block, [1]). However, the incident underscores the risks of centralized control in multisig systems, where a single vulnerability can compromise the entire protocol.

UXLINK’s response included immediate collaboration with exchanges to freeze suspicious deposits and halt trading temporarily. The project also announced plans for a token swap to address the unauthorized minting and stabilize the ecosystem. A new smart contract with a fixed supply is under development to prevent future inflation (Coin Telegraph, [2]). The team emphasized that no individual wallets were affected, but urged users to verify transactions through official channels. Notably, the hacker faced an ironic twist: while executing the exploit, they fell victim to a phishing attack by the Inferno Drainer group, losing over 542 million stolen tokens (CoinPedia, [3]).

The attack has broader implications for Ethereum’s smart contract infrastructure. Multisig wallets, often considered a security measure, are exposed as potential single points of failure when governance is overly centralized. The delegateCall vulnerability exploited in this case highlights the need for rigorous audits and decentralized governance mechanisms. Additionally, the incident has reignited debates about the risks of permissioned minting functions in protocols, even those marketed as decentralized.

Market participants and regulators are now scrutinizing the balance between security and decentralization in blockchain projects. UXLINK’s token swap plan and collaboration with blockchain forensics firms like PeckShield and Hacken aim to restore trust, but the event serves as a cautionary tale for projects relying on centralized multisig systems. As the project works to rebuild, the community is likely to see increased demand for transparent, auditable smart contracts and decentralized governance frameworks to mitigate similar risks in the future.