Skip to main content
Security

Multi-Signature Wallet Compromised via DelegateCall, Draining Millions

A misconfigured `delegateCall` in a multi-signature wallet granted unauthorized administrative control, enabling asset drain and token minting, posing systemic risk to user funds.
September 28, 20253 min

A translucent, frosted rectangular module displays two prominent metallic circular buttons, set against a dynamic backdrop of flowing blue and reflective silver elements. This sophisticated interface represents a critical component in secure digital asset management, likely a hardware wallet designed for cold storage of private keys
A clear, faceted, crystalline object rests on a dark surface, partially enclosing a dark blue, textured component. A central metallic gear-like mechanism is embedded within the blue material, from which a black cable extends across the foreground towards a blurred, multi-toned mechanical device in the background

Briefing

A recent exploit targeted a multi-signature wallet, leveraging a delegateCall vulnerability to grant an attacker full administrative control. This critical flaw allowed the malicious actor to remove legitimate admin privileges, replace them with their own, and subsequently drain approximately $4.5 million in stablecoins, Wrapped Bitcoin, and Ethereum. The attacker further destabilized the market by minting 10 trillion unauthorized tokens, causing the protocol’s token price to plummet by 70% and eroding $2.1 billion in market value. This incident highlights the profound financial consequences arising from technical misconfigurations in ostensibly secure systems.

A close-up view highlights a futuristic in-ear monitor, featuring a translucent deep blue inner casing with intricate internal components and clear outer shell. Polished silver metallic connectors are visible, contrasting against the blue and transparent materials, set against a soft grey background

Context

Prior to this incident, multi-signature wallets were widely considered a robust security measure, requiring multiple approvals for transactions and intended to mitigate single points of failure. However, the prevailing attack surface in decentralized finance (DeFi) continues to include complex smart contract interactions, where subtle logic flaws can be exploited. This exploit leveraged a known class of vulnerability related to improper handling of delegateCall functions, demonstrating that even established security primitives can be undermined by implementation errors.

A clear sphere encases a white sphere marked with a dark line, positioned before a vibrant, geometric blue structure. This visual composition symbolizes the secure encapsulation of digital assets and protocols within the blockchain ecosystem

Analysis

The incident’s technical mechanics centered on a delegateCall vulnerability within the multi-signature wallet’s smart contract. The attacker exploited this flaw to execute a malicious function, specifically addOwnerWithThreshold , which allowed them to bypass existing access controls. By replacing the legitimate admin addresses with their own, the attacker gained unauthorized administrative privileges.

This compromise enabled the direct draining of funds from the wallet and facilitated the unauthorized minting of a vast quantity of new tokens, leading to severe market dilution and a significant drop in the token’s value. The chain of cause and effect demonstrates how a single misconfigured function can unravel an entire protocol’s security posture.

The image showcases an intricate array of metallic and composite structures, rendered in shades of reflective blue, dark blue, and white, interconnected by numerous bundled cables. These components form a complex, almost organic-looking, futuristic system with varying depths of focus highlighting its detailed construction

Parameters

  • Protocol Targeted ∞ UXLINK
  • Attack Vector ∞ DelegateCall Vulnerability in Multi-signature Wallet
  • Financial Impact ∞ $4.5 Million Drained Directly; $2.1 Billion Market Value Erosion
  • Assets Drained ∞ USDT, USDC, WBTC, ETH
  • Unauthorized Activity ∞ 10 Trillion Tokens Minted
  • Token Price Impact ∞ 70% Collapse
  • Date of Incident ∞ September 2025

The image showcases a high-precision hardware component, featuring a prominent brushed metal cylinder partially enveloped by a translucent blue casing. Below this, a dark, wavy-edged interface is meticulously framed by polished metallic accents, set against a muted grey background

Outlook

Immediate mitigation for users involves reassessing exposure to protocols utilizing complex multi-signature wallet implementations, particularly those with opaque delegateCall logic. This incident will likely establish new security best practices emphasizing rigorous, continuous auditing of all contract functions, especially those granting administrative control. Protocols must prioritize real-time monitoring of on-chain activity and robust contingency plans for rapid response, including token swaps and freezing suspicious deposits. The contagion risk extends to similar DeFi protocols that may share analogous architectural vulnerabilities, necessitating a systemic review across the ecosystem.

The UXLINK multi-signature wallet exploit serves as a stark reminder that even foundational security mechanisms can introduce systemic risk when implementation flaws allow for administrative privilege escalation and unbounded token supply manipulation.

Signal Acquired from ∞ ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

market value

Definition ∞ Market value represents the current worth of an asset as determined by supply and demand in the open marketplace.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

Tags:

Tags: