Original | Odaily Planet Daily
Author | Ethan
Once again encountering a black swan moment, this time the victim is the star project in the Web 3 social track — UXLINK.
This project, which began in April 2023, is positioned as an on-chain social relationship and group network, with a peak market value that once exceeded $370 million.
From the sudden attack in the early morning to the hacker seemingly being outsmarted by anti-phishing measures, UXLINK experienced the most chaotic moment in its project history in just over 10 hours:
- Stolen assets exceeded $11.3 million;
- The hacker allegedly minted 1 billion additional tokens;
- Cashed out 6,732 ETH (approximately $28.1 million) on-chain;
- The token plummeted, with an intraday drop exceeding 80%.
Even more absurdly, this hacking incident featured a "secondary reversal plot": the hacker had just stolen tens of millions of dollars in assets from the protocol, only to be allegedly robbed of 542 million tokens by a phishing gang, creating a classic "black eats black" scene.
Below, Odaily will outline the event, stringing together the important nodes of this storm to date.
Attack Erupts: Multi-Signature Compromised, Funds Transferred
On September 23 at 00:43, Cyvers Alerts first disclosed that an attacker executed a delegateCall operation on UXLINK's multi-signature wallet at 22:53 on September 22, deleting the original administrator role and setting themselves as the sole controller. They then called addOwnerWithThreshold, quickly completing a series of asset authorizations and transfers: 4 million USDT, 500,000 USDC, 3.7 WBTC, 25 ETH, and approximately 3 million UXLINK were transferred out and partially bridged to the mainnet, with almost all stablecoins exchanged for DAI.
Just 5 minutes later, the market experienced a massive shock. The spot price of UXLINK fell below 0.18 USDT, hitting a low of 0.1731 USDT, with a 24-hour drop of up to 45.87%. The liquidation amount also rapidly escalated, with total liquidations across the network exceeding $5.5 million, including $3.68 million in long liquidations, further exacerbating the panic.
Official Response: Emergency Freeze, Transparent Disclosure
At 1:40 AM on September 23, UXLINK's official account first responded, acknowledging the attack, stating, "We are coordinating with multiple exchanges to freeze funds and have contacted security experts and the police for intervention."
Then, at 9:38 AM, the official account announced again: "Most of the stolen assets have been successfully frozen." The team confirmed that PeckShield had intervened for tracking and emphasized that there were no signs of personal wallets being compromised, and a compensation and reimbursement mechanism would be established. The announcement repeatedly stressed that "protecting community assets is the top priority."
Situation Escalates: Hacker Mints 1 Billion Tokens, On-Chain Price Avalanche
Based on the experiences of other projects, when hackers succeed and projects recover, the plot is generally nearing its end, but the hacker did not stop there.
At 9:54 AM on September 23, according to on-chain data, the attacker successfully "minted" 1 billion UXLINK tokens out of thin air through the contract's minting function (transaction hash: 0x35edac…5696) and transferred them to address 0xeff9CE…b8b7eB9a7. (This address had been distributing the newly minted UXLINK tokens, and as of now, all have been distributed.)
The futures price of UXLINK quickly fell below $0.056, with an intraday drop exceeding 80%. There was a significant price discrepancy between on-chain spot and CEX prices, with OKX and Bybit, among several mainstream trading platforms, temporarily delisting trading pairs. According to CoinMarketCap data, the project's market value was directly halved from the previous day's $150 million to less than $50 million.
An hour later, UXLINK's official account confirmed the minting was true and stated that this incident had severely violated the white paper's provisions, leading to further market panic and a devastating blow to the liquidity pool's price. The team urgently issued a statement urging "not to trade tokens on DEX for now" and planned to advance a "token swap" scheme to attempt to reconstruct the economic system that had been severely impacted by the minting.
Hacker Liquidation: Cashing Out 6,732 ETH
According to Lookonchain monitoring, the attacker did not stop at "accounting minting." After transferring a large number of UXLINK tokens to multiple addresses, they quickly liquidated on DEX, accumulating 6,732 ETH (approximately $28.1 million), and allegedly transferred some funds to CEX for further withdrawal.
Additionally, there was a lot of speculation in the community at this time, with some voices suggesting "this may be due to internal team conflicts leading to a leak of permissions," and even mentioning "the bribery network exposed three days ago." However, this claim is currently only speculation and has not been confirmed by reliable evidence.
Secondary Reversal: Hacker Also Phished
The plot still did not end here. At 11:43 AM, security researcher Yu Xian @evilcos revealed: the UXLINK hacker allegedly fell into the trap of the Inferno Drainer phishing gang during the operation, losing approximately 542 million UXLINK through "ordinary authorization" methods.
Yu Xian posted two transaction hashes as evidence and joked, "I was wondering why the on-chain analysis was getting weirder and weirder…" This reversal added more drama to the already chaotic situation and quickly sparked heated discussions in the community.
Project Party: Stabilizing Emotions, Promising Compensation
This incident coincided with the 2025 Korea Blockchain Week (KBW) (September 22 to 28, 2025), which is one of the more influential blockchain events in Asia.
The following image shows a booth shared by netizens at this event (barring any surprises, this booth should be packed):
Throughout the event's escalation, the UXLINK team continuously released announcements in the official TG group, attempting to stabilize investor confidence. The latest announcement stated: "We will not be defeated; instead, we will be more united and stronger. KBW and Season 5 events are still ongoing."
Additionally, the team confirmed that they had contacted multiple centralized exchanges to suspend UXLINK trading for subsequent token swaps and compensation plans.
Community Bottom-Fishing, Not So Fun (Tragic)
The bigger the storm, the bigger the fish… Many chose to "bottom-fish" during this hacking attack, but due to the event's twists and turns, most bottom-fishing efforts ended up being in vain.
Odaily reminds that the full picture of the attack has not been clearly presented, and the situation remains shrouded in fog. SocialFi products often have a loose correlation between token prices and fundamentals, and any current actions correspond to significant uncertainty. Proceed with caution and DYOR.
Moving forward, whether UXLINK's compensation plan can rebuild trust and whether the roadmap can be smoothly advanced will be key to whether the project can emerge from the quagmire. Odaily will continue to monitor and report on its latest developments.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
