Knowledge popularization lesson thirty-three
Cryptocurrency security: Review of the UXLINK hacking case
Incident overview
On September 23, 2025, the decentralized social platform UXLINK suffered a severe hacking attack. The attackers manipulated multi-signature wallet permissions to steal approximately $11.3 million in crypto assets and maliciously issued a large number of tokens, which led to market panic and caused the UXLINK token price to plummet over 70% in a single day. The incident exposed significant vulnerabilities in the security management of Web3 project multi-signature wallets and raised concerns about the 'black eats black' phenomenon (criminals preying on other criminals) in the hacker industrial chain.
Attack technical details
🔸Permission tampering and asset theft
Blockchain security company Cyvers Alerts monitoring shows that the attacker implemented the attack through the following steps:
1. Permission takeover: Exploiting a vulnerability in the delegateCall function to remove contract administrator permissions.
2. Implanting malicious permissions: Calling the addOwnerWithThreshold function to add new multi-signature members.
3. Asset transfer: Transferring approximately 4 million USDT, 500,000 USDC, 3.7 WBTC, and 25 ETH.
4. Cross-chain money laundering: Exchanging stablecoins for DAI on the Ethereum network and exchanging USDT on Arbitrum for ETH and bridging to Ethereum.
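A defender-side monitor for steps 1 and 2, as an added example that is not from the original article or from UXLINK: it replays decoded wallet activity and alerts on unreviewed delegatecalls, owner-set changes and threshold drops. It assumes a Safe-style multi-signature wallet (event names AddedOwner, RemovedOwner, ChangedThreshold); the record format, addresses and allowlists are constructed for illustration.

```python
from dataclasses import dataclass, field

DELEGATECALL = 1  # Safe Enum.Operation: 0 = Call, 1 = DelegateCall

@dataclass
class SafeWatch:
    owners: set
    threshold: int
    approved_owners: set      # signers the team has vetted (assumption)
    approved_delegates: set   # delegatecall targets reviewed in advance (assumption)
    alerts: list = field(default_factory=list)

    def handle(self, ev):
        kind, tx = ev["kind"], ev["tx"]
        if kind == "execTransaction":
            if ev["operation"] == DELEGATECALL and ev["to"] not in self.approved_delegates:
                self.alerts.append(("unapproved-delegatecall", tx))
        elif kind == "AddedOwner":
            self.owners.add(ev["owner"])
            if ev["owner"] not in self.approved_owners:
                self.alerts.append(("unknown-owner-added", tx))
        elif kind == "RemovedOwner":
            self.owners.discard(ev["owner"])
            self.alerts.append(("owner-removed", tx))
        elif kind == "ChangedThreshold":
            if ev["threshold"] < self.threshold:
                self.alerts.append(("threshold-lowered", tx))
            self.threshold = ev["threshold"]
        # Worst case: unvetted owners alone can now meet the signing threshold.
        rogue = self.owners - self.approved_owners
        if len(rogue) >= self.threshold and ("takeover", tx) not in self.alerts:
            self.alerts.append(("takeover", tx))

# Constructed records mirroring the reported order of steps; not real chain data.
SAMPLE = [
    {"kind": "execTransaction", "tx": "tx1", "operation": 1, "to": "0xUnreviewed"},
    {"kind": "RemovedOwner", "tx": "tx1", "owner": "0xAdminA"},
    {"kind": "AddedOwner", "tx": "tx2", "owner": "0xNewSigner"},
    {"kind": "ChangedThreshold", "tx": "tx2", "threshold": 1},
]

def run(events):
    vetted = {"0xAdminA", "0xAdminB", "0xAdminC"}
    watch = SafeWatch(set(vetted), 2, vetted, approved_delegates=set())
    for ev in events:
        watch.handle(ev)
    return watch.alerts

if __name__ == "__main__":
    for name, tx in run(SAMPLE):
        print(f"ALERT {name} in {tx}")
```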
🔸Malicious issuance and market manipulation
After gaining permissions, the attacker conducted large-scale token issuance:
1. Issuing 2 billion UXLINK tokens on the Arbitrum network (official total supply is only 1 billion).
2. Simultaneously selling through 6 wallet addresses on DEXs and CEXs, causing circulation to surge by 1700%.
3. On-chain data shows that the hacker cashed out 6,732 ETH (approximately $28.1 million) through sales.
Market response
🔸Price crash: The price of UXLINK tokens dropped from $0.30 to $0.09, a decrease of 70%.
🔸Market value evaporation: Approximately $70 million in market value disappeared.
🔸Transaction volume surge: 24-hour transaction volume increased by 1700%, reaching a historical peak.
🔸User panic: A user attempted to bottom-fish by spending $927,000 to buy in, resulting in a floating loss of 99.8% due to continued issuance.
Hacker follow-up: Black eats black reversal
The incident took a dramatic turn when the hacker fell victim to a phishing attack while cashing out:
🔸Phishing losses:
The hacker's address authorized a malicious increaseAllowance call, resulting in 542 million UXLINK being transferred away by the phishing gang Inferno Drainer.
🔸On-chain tracking: Transaction hash 0xa70674ccc9caa17d6efaf3f6fcbd5dec40011744c18a1057f391a822f11986ee shows the assets flowing to the phishing address.
🔸Loss valuation:
The value of stolen tokens is approximately $48 million, exceeding the original attack profits.
Project party response measures
🔸Emergency response:
Collaborating with security companies like PeckShield for vulnerability tracing.
Contacting exchanges like Kraken and Upbit to freeze assets of suspicious addresses.
Reporting to law enforcement and initiating legal proceedings.
🔸Technical remediation:
1. Suspend UXLINK token trading to prevent malicious circulation.
2. Submit a new smart contract for security audit, adopting a fixed supply design.
3. Plan to initiate token replacement, replacing damaged tokens with a new contract.
🔸Community communication:
1. Issue multiple rounds of security announcements to disclose incident progress.
2. Commit to formulating compensation plans for affected users.
3. Emphasize that users' personal wallets were not directly affected.
Incident insights
🔸Security vulnerability warning
1. Multi-signature wallet risk: Even with a multi-signature mechanism, flaws in permission management logic may still lead to complete loss of control.
2. Smart contract audit: The project party failed to discover the access control vulnerabilities in the delegateCall function in time.
3. Insufficient emergency response: Emergency freeze mechanisms were not set for issuance permissions, leading to the expansion of the attack.
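The kind of issuance guard whose absence point 3 describes, as an added example that is not UXLINK's code: it replays ERC-20 Transfer logs and reports the first mint at which an emergency pause should fire, either because supply passes the 1 billion official total or because minting outruns a rate budget. The window, the budget and all sample records are constructed assumptions; amounts are whole tokens with decimals ignored.

```python
ZERO = "0x0000000000000000000000000000000000000000"
CAP = 1_000_000_000        # official total supply stated in the article
WINDOW = 3600              # seconds; hypothetical policy value
MINT_BUDGET = 10_000_000   # tokens mintable per window; hypothetical policy value

def mint_guard(transfers, supply, cap=CAP, window=WINDOW, budget=MINT_BUDGET):
    """Return (reason, tx, supply) for the first mint that should trigger an
    emergency pause of issuance, or None if the whole replay stays in policy."""
    recent = []  # (timestamp, amount) of mints still inside the sliding window
    for t in transfers:
        if t["from"] == ZERO:                 # Transfer from zero address = mint
            supply += t["value"]
            recent = [(ts, v) for ts, v in recent if t["ts"] - ts < window]
            recent.append((t["ts"], t["value"]))
            if supply > cap:
                return ("cap-exceeded", t["tx"], supply)
            if sum(v for _, v in recent) > budget:
                return ("mint-rate-exceeded", t["tx"], supply)
        elif t["to"] == ZERO:                 # Transfer to zero address = burn
            supply -= t["value"]
    return None

# Constructed logs: two mints inside one hour that together exceed the budget.
SAMPLE_RATE = [
    {"tx": "tx1", "ts": 0, "from": ZERO, "to": "0xTreasury", "value": 5_000_000},
    {"tx": "tx1b", "ts": 60, "from": "0xTreasury", "to": "0xUser", "value": 1_000},
    {"tx": "tx2", "ts": 600, "from": ZERO, "to": "0xTreasury", "value": 8_000_000},
]
# Constructed log: one mint of 2 billion on top of a fully issued supply.
SAMPLE_CAP = [
    {"tx": "tx9", "ts": 0, "from": ZERO, "to": "0xUnknown", "value": 2_000_000_000},
]

if __name__ == "__main__":
    print(mint_guard(SAMPLE_RATE, supply=900_000_000))
    print(mint_guard(SAMPLE_CAP, supply=CAP))
```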
Industry reflection
🔸Complexity of hacker ecology: The 'black eats black' chain from attack to phishing shows the specialization of crypto crime.
🔸Lack of market regulation: The mechanism for coordinated freezing across exchanges is inefficient, leaving hackers a window for money laundering.
🔸Insufficient user education: Some users blindly attempted to bottom-fish after the price crash, reflecting weak risk awareness.
Subsequent progress
As of September 24, 2025, the project party has completed the following tasks:
🔸Successfully froze approximately 60% of the stolen assets (mainly from centralized exchanges).
🔸The new contract has passed preliminary security audits, and the token replacement plan will be announced soon.
🔸Cooperating with Interpol to track the hacker's identity and the on-chain fund flow to dark web exchanges.
This incident has become a typical case in Web3 security governance. It is a reminder that cybersecurity is critical and that even multi-signature wallets may have vulnerabilities. The project party needs to strengthen smart contract security audits and permission management, while users should remain vigilant and choose secure and reliable exchanges.