.png){kind=logo}
UXLink has announced that its multi-signature wallet was hacked recently during a massive security breach. The investigators discovered that the attackers leveraged a vulnerability in smart contracts in its delegateCall functions. This enabled them to perform revocation of admin authority, take full ownership, and get control of the project assets of both the Ethereum and Arbitrum networks.
Once access was obtained, the attackers emptied the wallet of stablecoins, Ether, and wrapped Bitcoin. They also started minting UXLINK tokens unauthorisedly. The initial estimates of the new minting were one to two billion new tokens, but subsequent estimates indicated the possibility of up to trillions. According to UXLink, they reported the breach to law enforcement and were collaborating with security companies to monitor it.
The minting of the tokens immediately affected market stability. The price of UXLINK fell by over 70% in hours. It dropped as low as it could get to below $0.09; some trackers showed it fell as low as $0.03 intraday before a slight recovery. The volume of trading shot up due to panic selling, and this caused extreme volatility.
On-chain records indicated that the attacker quickly exchanged stolen tokens for Ether. According to analysts, six wallets associated with the exploit earned about 6,732 ETH, which is about $28 million. The quick trading of stolen money provided further selling pressure in the already weak market, compelling the liquidity providers to either adapt or withdraw.
The sudden supply shock overwhelmed available liquidity. The decentralized platforms saw an increase in order books, the spreading of trading, and a significant increase in slippage. These circumstances further enhanced the negative price spiral and escalated the undermining of confidence in the token.
UXLink responded by declaring that it was working with large centralized exchanges to freeze suspicious deposits. Exchanges such as Upbit, OKX, and Bybit halted trading or blocked flagged transactions related to the exploit. Analysts estimate that exchanges were able to freeze between $5 million and $7 million of the stolen money, but attackers still control $20 million to $30 million of the money.
To regain confidence, UXLink had to pledge a recovery plan. The team indicated that it would introduce a token swap program, where unauthorized tokens will be swapped with valid tokens in a 1:1 ratio, and the rest of the supply will be destroyed. It also put a new smart contract under audit, which was supposed to have a fixed amount of tokens to avoid additional unauthorized minting.
Ironically, blockchain experts later found that the attackers were themselves victims of phishing in the attack. It was also reported that the hacker lost over 500 million UXLINK tokens, worth almost 48 million, to another malicious player. UXLink stressed that it did not affect user wallets and recommended that its community be more careful and only refer to official updates after the recovery process is over.
Also Read: UXLINK Launches Groundbreaking AI Growth Agent to Revolutionize Web3 User Acquisition
