Author: Zhou, ChainCatcher

On the evening of September 22, the Web3 social platform UXLINK experienced a severe security incident. Hackers used delegateCall to remove the original administrator of the project's multi-signature vault and added a self-controlled address, subsequently gaining minting and management authority. They transferred USDT, USDC, WBTC, ETH, and some UXLINK from wallets and authorized addresses controlled by the project team, involving approximately $11.3 million in finances.

Subsequently, the hackers illegally minted UXLINK on Arbitrum (over 1 billion tokens) and began to sell them off. According to on-chain tracking data, the hackers sold approximately 490 million UXLINK through six addresses in both decentralized and centralized scenarios, exchanging them for 6,732 ETH, worth about $28.1 million at the time. Additionally, the hackers sold a large amount of UXLINK on various CEXs.

The combination of abnormal supply and concentrated selling triggered a rapid decline in UXLINK's price within hours, dropping from about $0.30 to a range of $0.07 to $0.10, with a stage decline of 70% to 77%; its market capitalization fell from about $144 million to $37 million, and the 24-hour trading volume surged by 2622.70% to $309 million.

According to on-chain monitoring data, after the UXLINK project was attacked by hackers, a certain address spent $927,000 to buy UXLINK tokens at an average price of $0.03283. As the price plummeted, the loss rate approached 99.8%.

After the incident, the UXLINK team issued an overnight announcement, stating that they were collaborating with multiple exchanges to freeze the involved funds and suspend related trading, and were working with law enforcement and security companies to investigate. Meanwhile, the project team promised to announce details of the token swap soon and warned users not to trade on decentralized exchanges to prevent further losses.

The South Korean exchange Upbit announced on September 23 that it would list UXLINK as a warning asset and suspend deposits, with a review period until October 17, citing insufficient project disclosure and abnormal minting authority that could lead to user losses, while also proposing compensation arrangements for affected accounts.

Market sentiment towards the UXLINK token gradually spread negatively. Ledger's Chief Technology Officer Charles Guillemet pointed out that the wallet still being under hacker control indicates that the private keys have been completely leaked, possibly through software wallets or even plain text seed backups. They attempted to redeem these massive amounts of UXLINK, leading to a complete depletion of liquidity on Uniswap; although it is currently unclear how much UXLINK was successfully redeemed, the attackers still hold a large amount of UXLINK, which may become worthless. He also stated that clearing signatures and transaction verification could resolve this issue.

Notable crypto researcher Jason Chen stated that the UXLINK project suffered an economic model collapse due to the hacker attack, with the hackers infinitely minting tokens, bringing the price close to zero, a situation that is nearly irretrievable, and community trust is rapidly eroding.

It is worth mentioning that on the morning of the 23rd, monitoring showed that the involved address had suspicious interactions and fund outflows again, suggesting that the hackers might have fallen victim to "black eat black." According to a report from PeckShieldAlert, the hacker address related to this intrusion was subsequently phished, with a sample marked as Fake_Phishing1309277 transferring 542 million UXLINK away, worth about $48 million at the time.

SlowMist founder Yu Xian tweeted that the UXLINK hackers may have encountered a phishing attack from Inferno Drainer, and the approximately 542 million UXLINK they previously stole might have been phished away by Inferno Drainer using ordinary authorization phishing techniques.

In fact, attacks on multi-signature wallets in the cryptocurrency field are not a new occurrence. Statistics show that in 2024, global hacker incidents of this kind caused losses exceeding $2 billion, including security vulnerabilities in multi-signature wallets of WazirX and Radiant Capital.

In previous cases, to rebuild trust and reduce legal risks, common compensation measures taken by project teams included freezing funds, refunding reserves, token swaps, and security upgrades. The current plan for UXLINK is a token swap, with specific swap details pending official announcement.

Click to learn about job openings at ChainCatcher

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。