UXLINK suffered an exploit on September 22 that drained over $11.3 million in assets from the project.
The incident involved hackers who took advantage of a vulnerability in the project’s multi-signature wallet that let them gain admin rights.
Details of the Breach
Blockchain security firm CyversAlerts alerted the community to the breach via an X post, noting that it had detected $11.3 million in suspicious transactions involving the web3 social project. Their analysis reveals that the hacker used an Ethereum address to carry out a “delegateCall,” stripped away the admin role, and installed a new owner with special permissions.
They proceeded to move the funds, including $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH. The stolen USDT and USDC were then converted to DAI on Ethereum, while USDT on Arbitrum was swapped to ETH and bridged back to the former. Not long after, a second address linked to the attack received 10 million UXLINK tokens worth around $3 million, with some already being traded.
UXLINK later confirmed the incident on X, stating, “We have identified a security breach involving our multi-signature wallet, resulting in a significant amount of cryptocurrency being illicitly transferred to both CEXs and DEXs.”
The company said it was working with internal and external security experts to identify the cause of the hack and contain the damage. It added that major platforms had been contacted to freeze suspicious UXLINK deposits, with coordination underway to stop further fund transfers. The case has also been forwarded to law enforcement and other authorities to speed up legal action and recovery efforts.
UXLINK Plunges by Over 70%
Despite intervention from exchanges such as Upbit, the exploit has severely impacted the token’s supply. In an update, the crypto project disclosed that the hacker had started minting UXLINK tokens.
PeckShieldAlert noted that between 1 and 2 billion were created on Arbitrum, nearly doubling the token’s circulating supply. Roughly 490 million of these were dumped across DEXs and CEXs, causing a sharp sell-off. UXLINK’s price dropped by more than 70%, sliding from $0.30 to roughly $0.09, and wiping out around $70 million in market capitalization.
Although Upbit reportedly froze $5–7 million worth of assets, most of the stolen funds, converted into 6,732 ETH valued at $28.1 million, remain under the attacker’s control. In an interesting twist, the exploiters also later fell victim to a scam by the Inferno Drainer group, losing over 542 million stolen tokens.
UXLINK has since announced plans for a token swap to restore supply integrity and compensate affected holders. Further instructions will be issued through its official accounts.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
