UXLINK, a Web3 social infrastructure project, fell victim to an $11.3 million exploit on September 22, 2025, following a critical vulnerability in its multi-signature wallet. Attackers exploited a “delegateCall” flaw to remove existing administrators and install their own address as the new owner, granting full control over the wallet[1]. This allowed them to drain $4.5 million in stablecoins, along with ETH and WBTC, while stealing 490 million native UXLINK tokens[2]. The hackers also minted an additional 2 billion UXLINK tokens, which were rapidly sold across decentralized exchanges (DEXes) for 6,732 ETH—valued at approximately $28.1 million[3]. The sudden influx of tokens triggered a panic sell-off, causing the UXLINK price to plummet from $0.30 to $0.09 within hours, erasing nearly $70 million in market capitalization[4].
The exploit exposed systemic weaknesses in UXLINK’s smart contract architecture, particularly in its multi-signature governance mechanism. On-chain analysis revealed that the attacker executed a delegateCall to remove admin roles and call “addOwnerWithThreshold,” effectively seizing control[1]. The unauthorized minting of tokens further exacerbated market instability, as liquidity providers struggled to absorb the massive supply shock. Exchanges like Upbit, OKX, and Bybit responded by freezing suspicious deposits, though estimates suggest $5–7 million of the stolen assets were immobilized, leaving $20–30 million unaccounted for[2]. UXLINK’s market capitalization dropped 73.08% to $39.18 million, with trading volume surging 1,012.77% to $473.13 million[3].
In response, UXLINK issued an emergency token swap initiative to restore supply integrity. The project announced a 1:1 swap of unauthorized tokens for valid ones, with the remaining supply to be burned[2]. This measure aims to address the imbalance caused by the unauthorized minting of 10 trillion UXLINK tokens since the exploit[4]. The team also engaged blockchain forensics firms, including PeckShield, to trace the stolen assets and collaborate with law enforcement[1]. Despite these efforts, user sentiment remains fractured. Critics accuse the platform of prioritizing institutional recovery over individual holders, with some labeling the token swap as a “rug pull”[4]. Community members have demanded faster solutions, while others remain cautiously optimistic about the team’s ability to rebuild trust.
The irony of the situation deepened when the hackers themselves became victims of a phishing scam. On-chain data revealed that the attacker lost 542 million UXLINK tokens—worth $48 million—to the Inferno Drainer group after approving a malicious “increaseAllowance” transaction[3]. This twist highlighted the inherent risks of the DeFi ecosystem, where even perpetrators are vulnerable to exploitation. PeckShield’s analysis noted the phishing contract’s design, which mimicked legitimate platforms to trick users into granting token transfer permissions[3]. The incident underscores the need for robust security protocols across all participants in the crypto space.
UXLINK’s crisis has broader implications for blockchain security, particularly in projects relying on multi-signature wallets. The exploit demonstrates how critical vulnerabilities in governance structures can be weaponized to destabilize markets. Analysts emphasize the importance of regular audits and real-time monitoring to mitigate such risks. As UXLINK navigates its recovery, the incident serves as a cautionary tale for the industry, reinforcing the need for transparency and proactive risk management in decentralized infrastructure[1].
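The real-time monitoring recommended above can be made concrete with a small check, added here as an illustration and not taken from the article, UXLINK or PeckShield. It assumes each multisig execution is recorded with its target address, a call/delegatecall flag, and the owner set and threshold read back afterwards; all addresses, field names and the allowlist are constructed placeholders.

```python
# Constructed sample data: addresses are shortened placeholders, not real ones.
DELEGATECALL = 1  # assumed encoding of the operation flag: 0 = call, 1 = delegatecall

BASELINE = {"owners": {"0xA1", "0xA2", "0xA3"}, "threshold": 2}
ALLOWED_DELEGATE_TARGETS = {"0xMULTISEND"}  # hypothetical reviewed library contract

EXECUTIONS = [  # one record per wallet execution, oldest first
    {"tx": "0x01", "to": "0xTOKEN", "operation": 0,
     "owners_after": {"0xA1", "0xA2", "0xA3"}, "threshold_after": 2},
    {"tx": "0x02", "to": "0xMULTISEND", "operation": 1,
     "owners_after": {"0xA1", "0xA2", "0xA3"}, "threshold_after": 2},
    {"tx": "0x03", "to": "0xUNKNOWN", "operation": 1,
     "owners_after": {"0xNEW"}, "threshold_after": 1},
]


def review(executions, baseline, allowed_targets):
    """Return (tx, finding) pairs for executions that need a human look."""
    alerts = []
    owners, threshold = set(baseline["owners"]), baseline["threshold"]
    for ex in executions:
        # A delegatecall runs foreign code against the wallet's own storage.
        if ex["operation"] == DELEGATECALL and ex["to"] not in allowed_targets:
            alerts.append((ex["tx"], "delegatecall to unreviewed target " + ex["to"]))
        # Diff the state itself: code run via delegatecall may emit no events.
        added = ex["owners_after"] - owners
        removed = owners - ex["owners_after"]
        if added:
            alerts.append((ex["tx"], "owners added: " + ", ".join(sorted(added))))
        if removed:
            alerts.append((ex["tx"], "owners removed: " + ", ".join(sorted(removed))))
        if ex["threshold_after"] < threshold:
            alerts.append((ex["tx"], f"threshold lowered {threshold} -> {ex['threshold_after']}"))
        # Compare each execution with the state left by the previous one.
        owners, threshold = set(ex["owners_after"]), ex["threshold_after"]
    return alerts


if __name__ == "__main__":
    for tx, finding in review(EXECUTIONS, BASELINE, ALLOWED_DELEGATE_TARGETS):
        print(tx, finding)
```

Only the third constructed record is flagged: the allowlisted delegatecall in `0x02` passes, while `0x03` trips all four checks at once.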