Hackers Exploit UXLINK, Then Fall Prey to $48M Scam

Generated by AI AgentCoin World
Wednesday, Sep 24, 2025 4:39 pm ET2min read
Aime RobotAime Summary

- UXLINK suffered a $11.3M exploit via a multi-signature wallet vulnerability, triggering a 70% token price drop and unauthorized minting of 2 billion tokens.

- Attackers drained $4.5M in stablecoins and 3.7 WBTC but later lost $48M to a phishing scam, highlighting DeFi's high-risk, counterattack-prone nature.

- UXLINK froze assets, collaborated with exchanges, and initiated a token swap, yet unauthorized minting persisted, erasing $70M in market cap.

- The breach exposed critical flaws in UXLINK's smart contract design, including no supply cap and weak access controls, reigniting debates on multisig wallet security.

- Market analysts warn DeFi/CeFi sectors remain vulnerable, urging robust audits and transparent governance to rebuild trust after such exploits.

UXLINK, a Web3 social infrastructure project, suffered a $11.3 million exploit on September 22, 2025, as attackers exploited a vulnerability in its multi-signature wallet, triggering a 70% collapse in its token price. The breach involved the unauthorized minting of 2 billion UXLINK tokens, rapid asset transfers totaling $4.5 million in stablecoins, and 3.7 WBTC, alongside ETH and

USDC
. The attackers leveraged a delegateCall vulnerability to remove existing administrators and install their own address as the wallet’s owner, enabling immediate asset drainage UXLINK Hacked: Over $11 Million Stolen, Token Price …[1].

The exploit’s aftermath saw the hacker rapidly converting stolen tokens into 6,732 ETH ($28.1 million) across decentralized exchanges. However, the attacker faced an ironic twist: within hours, they became victims of a phishing scam by the Inferno Drainer group, losing 542 million UXLINK tokens ($48 million) UXLINK Hacked: Over $11 Million Stolen, Token Price …[1]. This dual-layered incident underscored the high-risk nature of DeFi ecosystems, where malicious actors remain vulnerable to counterattacks.

UXLINK responded within an hour of detecting the breach, issuing alerts and collaborating with exchanges to freeze suspicious deposits. The project engaged blockchain forensics firms like PeckShield to trace funds and announced an emergency token swap to mitigate supply inflation. Despite freezing a portion of the stolen assets, unauthorized minting continued, forcing UXLINK to prioritize ecosystem stability UXLINK Hacked: Over $11 Million Stolen, Token Price …[1]. The token’s price plummeted from $0.30 to $0.09, erasing $70 million in market capitalization within hours UXLINK Hacked: Over $11 Million Stolen, Token Price …[1].

Exchanges such as Upbit and Bithumb imposed trading restrictions, suspending deposits and withdrawals for UXLINK as a precaution. Upbit designated the token as a “cautionary asset” under the

Virtual
Asset User Protection Act, citing the issuer’s failure to disclose material risks . PeckShield, a blockchain analytics firm, warned users against interacting with the token, noting the hacker’s control over minting functions UXLINK Hacked: Over $11 Million Stolen, Token Price …[1].

The incident exposed critical flaws in UXLINK’s smart contract design, including the absence of a hardcoded supply cap and inadequate access controls. Security experts highlighted that basic protections like timelocks or emergency stop mechanisms could have delayed the attack, allowing for a community response UXLink Hack Exposes Centralized Weakness in DeFi Systems[5]. The breach also reignited debates about the security of multisignature wallets, traditionally viewed as high-security solutions but here compromised due to weak key management and governance UXLINK Hack — A Full Timeline and Deep Dive: Security Flaws, …[4].

Market analysts noted broader implications for DeFi and CeFi sectors. While DeFi protocols reduced losses by 40% in 2024 due to improved cryptography and bridge security, the UXLINK hack demonstrated persistent vulnerabilities in access control. Conversely, CeFi platforms faced rising risks, with breaches doubling in 2024, partly due to centralized key management flaws DeFi vs CeFi: A Tale of Security in 2024 - freebitco.in[6]. The event emphasized the need for decentralized projects to adopt robust security audits, multi-layered key storage, and transparent governance to rebuild trust UXLink Hack Exposes Centralized Weakness in DeFi Systems[5].

UXLINK’s token swap initiative and collaboration with exchanges aim to restore confidence, but long-term recovery hinges on addressing systemic vulnerabilities. The incident serves as a cautionary tale for investors, reinforcing the importance of due diligence and diversification in a market prone to rapid, large-scale exploits.