Skip to main content
Security

Multi-Signature Wallet Compromised via DelegateCall, Draining Millions

A misconfigured `delegateCall` in a multi-signature wallet granted unauthorized administrative control, enabling asset drain and token minting, posing systemic risk to user funds.
September 28, 20253 min

A metallic, silver-toned electronic component, featuring intricate details and connection points, is partially enveloped by a translucent, vibrant blue, fluid-like substance. The substance forms a protective, organic-looking casing around the component, with light reflecting off its glossy surfaces, highlighting its depth and smooth contours against a soft grey background
A futuristic transparent device, resembling an advanced hardware wallet or cryptographic module, displays intricate internal components illuminated with a vibrant blue glow. The top surface features tactile buttons, including one marked with an '8', and a central glowing square, suggesting sophisticated user interaction for secure operations

Briefing

A recent exploit targeted a multi-signature wallet, leveraging a delegateCall vulnerability to grant an attacker full administrative control. This critical flaw allowed the malicious actor to remove legitimate admin privileges, replace them with their own, and subsequently drain approximately $4.5 million in stablecoins, Wrapped Bitcoin, and Ethereum. The attacker further destabilized the market by minting 10 trillion unauthorized tokens, causing the protocol’s token price to plummet by 70% and eroding $2.1 billion in market value. This incident highlights the profound financial consequences arising from technical misconfigurations in ostensibly secure systems.

The image showcases a high-tech device, featuring a prominent, faceted blue gem-like component embedded within a brushed metallic and transparent casing. A slender metallic rod runs alongside, emphasizing precision engineering and sleek design

Context

Prior to this incident, multi-signature wallets were widely considered a robust security measure, requiring multiple approvals for transactions and intended to mitigate single points of failure. However, the prevailing attack surface in decentralized finance (DeFi) continues to include complex smart contract interactions, where subtle logic flaws can be exploited. This exploit leveraged a known class of vulnerability related to improper handling of delegateCall functions, demonstrating that even established security primitives can be undermined by implementation errors.

A close-up view reveals a sleek, translucent device featuring a prominent metallic button and a subtle blue internal glow. The material appears to be a frosted polymer, with smooth, ergonomic contours

Analysis

The incident’s technical mechanics centered on a delegateCall vulnerability within the multi-signature wallet’s smart contract. The attacker exploited this flaw to execute a malicious function, specifically addOwnerWithThreshold , which allowed them to bypass existing access controls. By replacing the legitimate admin addresses with their own, the attacker gained unauthorized administrative privileges.

This compromise enabled the direct draining of funds from the wallet and facilitated the unauthorized minting of a vast quantity of new tokens, leading to severe market dilution and a significant drop in the token’s value. The chain of cause and effect demonstrates how a single misconfigured function can unravel an entire protocol’s security posture.

The image showcases an intricate array of metallic and composite structures, rendered in shades of reflective blue, dark blue, and white, interconnected by numerous bundled cables. These components form a complex, almost organic-looking, futuristic system with varying depths of focus highlighting its detailed construction

Parameters

  • Protocol Targeted ∞ UXLINK
  • Attack Vector ∞ DelegateCall Vulnerability in Multi-signature Wallet
  • Financial Impact ∞ $4.5 Million Drained Directly; $2.1 Billion Market Value Erosion
  • Assets Drained ∞ USDT, USDC, WBTC, ETH
  • Unauthorized Activity ∞ 10 Trillion Tokens Minted
  • Token Price Impact ∞ 70% Collapse
  • Date of Incident ∞ September 2025

A close-up view reveals a polished, metallic object, possibly a hardware wallet, partially encased within a vibrant blue, translucent framework. The entire structure is visibly covered in a layer of white frost, creating a striking contrast and suggesting extreme cold

Outlook

Immediate mitigation for users involves reassessing exposure to protocols utilizing complex multi-signature wallet implementations, particularly those with opaque delegateCall logic. This incident will likely establish new security best practices emphasizing rigorous, continuous auditing of all contract functions, especially those granting administrative control. Protocols must prioritize real-time monitoring of on-chain activity and robust contingency plans for rapid response, including token swaps and freezing suspicious deposits. The contagion risk extends to similar DeFi protocols that may share analogous architectural vulnerabilities, necessitating a systemic review across the ecosystem.

The UXLINK multi-signature wallet exploit serves as a stark reminder that even foundational security mechanisms can introduce systemic risk when implementation flaws allow for administrative privilege escalation and unbounded token supply manipulation.

Signal Acquired from ∞ ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

market value

Definition ∞ Market value represents the current worth of an asset as determined by supply and demand in the open marketplace.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

Tags:

Tags: