From Hunter to Prey: A Comprehensive Analysis of the UXLINK Hacking Incident and Insights on Multi-Signature Vulnerabilities

On September 22, UXLINK suffered a catastrophic security breach. Hackers exploited weaknesses in its multi-signature wallet to gain administrative access. Blockchain security company CyversAlerts reported detecting illegal transactions involving amounts up to $11.3 million. The hackers executed a "delegateCall" through an Ethereum address, performing complex operations to create a new account with special permissions.

The stolen assets included: $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH. The hackers exchanged the stolen USDT and USDC for DAI on Ethereum, while the USDT on Arbitrum was converted to ETH and sent back. UXLINK announced that they are working with security experts to identify the root cause and mitigate losses, while also contacting major exchanges to freeze UXLINK deposits related to the attack and reporting to law enforcement.

However, the situation did not end there. UXLINK's token supply was hit almost immediately. Although exchanges like Upbit froze assets worth approximately $5 to $7 million, the hackers still minted 1 to 2 billion new UXLINK tokens on Arbitrum, nearly doubling the circulating supply. The price of UXLINK plummeted over 70%, dropping from $0.30 to about $0.09, with the market cap evaporating by approximately $70 million.

After the attack on UXLINK, the asset transfers, and the massive token inflation, an unexpected twist occurred. The hackers who had successfully broken in soon fell victim to a phishing attack themselves. According to reports from on-chain security companies and several media outlets, the hacker, while transferring and attempting to dispose of the stolen tokens, allegedly clicked or authorized a malicious contract, triggering the phishing attack.

The final result was that the hacker lost approximately 542 million UXLINK tokens, worth nearly $48 million at the market price at the time. This "black eats black" outcome, in which one criminal is robbed by another, added a layer of irony to the entire incident.

Security researchers pointed out that this phishing attack was likely related to the notorious "Inferno Drainer." This is a drainer-as-a-service phishing tool designed to lure users into signing authorization transactions; once a victim signs, attackers can instantly transfer tokens and NFTs from the victim's wallet. The hacker likely became a new victim due to carelessness during the operation.

Yuxian, co-founder of SlowMist Technology, also posted two transaction hashes on X as evidence, joking, "I was wondering why the on-chain analysis was getting stranger and stranger…"

The UXLink team quickly took several measures to respond to the crisis after the hacker attack. In addition to cooperating with several centralized exchanges (CEX) to freeze suspicious funds and report to law enforcement, the team also plans to restore trust and stabilize the token economy through token swaps, new contracts, and security audits. However, the project team has not publicly disclosed detailed technical repair plans or timelines.

In the community, some investors chose to "buy the dip" after the token price plummeted, attempting to profit when prices rebound in the future. However, due to the lack of clear official guidance and confidence restoration measures, this "buying the dip" behavior may carry high risks. According to on-chain analyst Ai Yi (@ai_9684xtpa), a user attempted to "walk the razor's edge" after the UXLINK hacking incident, investing about $927,000 in tokens to bet on a rebound. However, due to the subsequent malicious inflation of tokens to 100 trillion, the token price nearly dropped to zero, resulting in an unrealized loss of $925,000, or nearly 99.8%.

Although multi-signature wallets are designed to reduce single-point risks through multiple signatures, hackers successfully bypassed multi-signature controls by exploiting contract vulnerabilities, transferring assets and massively inflating tokens. This indicates that the multi-signature mechanism itself is not foolproof, and contract design and permission management are equally critical.

Based on the experience of the incident, safe use of multi-signature wallets requires attention to the following. First, choose multi-signature contracts that have undergone security audits, avoiding self-developed or unverified code. Second, set reasonable signature thresholds to balance security and operational convenience. Third, decentralize signers and private key management, using hardware or cold wallets to prevent single-point risks from centralized control. At the same time, handle authorization transactions cautiously, avoiding blindly buying or authorizing unknown contracts. Additionally, mechanisms such as time locks, large transfer approvals, and emergency backup wallets can be introduced to reduce the risk of sudden asset loss. Finally, regularly audit and update contracts and dependencies to promptly fix potential vulnerabilities.
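
Several of these controls (signature thresholds, time locks, extra approvals for large transfers) and the "delegateCall" abuse described earlier can be enforced as a pre-signing policy gate over the wallet's pending queue. The sketch below is an added example, not code from UXLINK or the original article; the field names, method names, operation encoding, limits and placeholder addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # assumed operation encoding for this sketch
ADMIN_METHODS = {"addOwner", "removeOwner", "changeThreshold"}  # hypothetical names

@dataclass(frozen=True)
class Policy:
    threshold: int                   # signatures required for any transaction
    delegatecall_allowlist: frozenset  # audited targets that may be delegatecalled
    large_transfer_usd: float        # value at which stricter rules apply
    timelock_seconds: int            # minimum queue time for sensitive actions
    large_transfer_approvals: int    # approvals required above the limit

@dataclass(frozen=True)
class Proposal:
    to: str
    operation: int
    method: str        # decoded method name of the queued call
    usd_value: float
    queued_at: int     # unix time the proposal entered the queue
    approvals: int

def review(p, pol, now):
    """Return the findings a signer should resolve before approving."""
    findings = []
    large = p.usd_value >= pol.large_transfer_usd
    admin = p.method in ADMIN_METHODS
    if p.operation == DELEGATECALL and p.to not in pol.delegatecall_allowlist:
        findings.append("delegatecall-to-unlisted-target")
    if admin:
        findings.append("signer-set-change")  # always needs human review
    if (large or admin) and now - p.queued_at < pol.timelock_seconds:
        findings.append("timelock-not-elapsed")
    if large and p.approvals < pol.large_transfer_approvals:
        findings.append("large-transfer-under-approved")
    if p.approvals < pol.threshold:
        findings.append("below-threshold")
    return findings

# Constructed sample data: placeholder addresses, not real on-chain values.
POLICY = Policy(3, frozenset({"0xAUDITED_LIB"}), 100_000, 86_400, 4)
QUEUE = [
    Proposal("0xUNKNOWN", DELEGATECALL, "addOwner", 0, 1_000_000, 3),
    Proposal("0xTREASURY", CALL, "transfer", 4_000_000, 1_000_000, 3),
    Proposal("0xVENDOR", CALL, "transfer", 2_500, 1_000_000, 3),
]
```

Running `review` over `QUEUE` one hour after queuing flags the first two proposals and passes the routine vendor payment, even though all three already meet the basic 3-signature threshold.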

The UXLINK incident, from hacker intrusion and exploitation of multi-signature wallet vulnerabilities to the hacker themselves falling victim to phishing attacks, and community investors suffering heavy losses from buying the dip, fully illustrates the multiple risks inherent in cryptocurrency asset management. For project teams, establishing a comprehensive security audit, transparent communication, and rapid response mechanism is crucial; for investors and community members, it is essential to remain rational, avoid blindly chasing prices or buying the dip, and effectively enhance risk awareness.

Related: The UXLink hacking incident reveals the risks of centralized control in DeFi projects.

Original: “From Hunter to Prey: A Comprehensive Analysis of the UXLINK Hacking Incident and Lessons from Multi-Signature Vulnerabilities”
