Security

UXLINK Exploiter Loses $48 Million to Sophisticated Phishing Attack

A malicious `increaseAllowance` signature allowed a phishing group to drain $48 million from a prior UXLINK exploiter, underscoring persistent social engineering risks.
September 23, 20253 min

A highly detailed render showcases intricate glossy blue and lighter azure bands dynamically interwoven around dark, metallic, rectangular modules. The reflective surfaces and precise engineering convey a sense of advanced technological design and robust construction
A close-up view reveals a sophisticated metallic device, intricately connected to luminous blue crystalline structures and dark grey cables. The central component features a distinct Ethereum logo, signifying its role within the blockchain ecosystem

Briefing

A recent security incident saw an attacker who initially compromised the UXLINK AI-powered Web3 social platform’s multi-signature wallet fall victim to a sophisticated phishing scam. This “hacker-on-hacker” event resulted in the original exploiter losing approximately $48 million in stolen UXLINK tokens to a secondary threat actor. The incident highlights the pervasive and unpredictable nature of social engineering attacks within the decentralized finance ecosystem, demonstrating that even sophisticated cybercriminals are susceptible to basic security pitfalls.

A close-up view presents a sophisticated metallic device, predominantly silver and blue, revealing intricate internal gears and components, some featuring striking red details, all situated on a deep blue backdrop. A central, brushed metal plate with a bright blue circular ring is partially lifted, exposing the complex mechanical workings beneath

Context

Prior to this incident, the broader DeFi landscape has consistently faced vulnerabilities stemming from both technical flaws and human factors. While smart contract audits aim to mitigate code-level risks, the attack surface often extends to administrative controls, private key management, and user interaction points. This environment fosters an ongoing threat where even illicitly gained assets remain vulnerable to further exploitation through common cyber threats like phishing, underscoring a systemic lack of robust safeguards in decentralized finance.

The image showcases a detailed, close-up perspective of a mechanical assembly, composed of gleaming silver and deep blue elements. Prominently featured within this intricate machinery are several irregularly shaped, translucent blue crystalline forms, reminiscent of ice

Analysis

The initial UXLINK compromise involved the attacker leveraging a vulnerability within the platform’s multi-signature wallet, executing a delegateCall to alter administrative roles and gain unauthorized control. This allowed the malicious actor to mint and subsequently offload UXLINK tokens, netting approximately $28.1 million in ETH. However, the exploiter’s subsequent downfall was a result of a phishing attack, where they unknowingly signed a malicious increaseAllowance contract. This action granted another threat group, reportedly linked to the Inferno Drainer network, the permissions necessary to transfer the $48 million in stolen UXLINK tokens from the original exploiter’s wallet to their own addresses.

A sophisticated mechanical component, predominantly silver and dark blue, is depicted immersed in a dynamic mass of translucent blue bubbles. The central element is a distinct silver square module with intricate concentric circles, reminiscent of a cryptographic primitive or a secure oracle interface

Parameters

  • Initial Victim → UXLINK Platform
  • Secondary Victim → UXLINK Exploiter
  • Initial Attack Vector → Multi-signature Wallet Compromise
  • Secondary Attack Vector → Phishing (Malicious increaseAllowance Signature)
  • Total Funds Lost by Exploiter → $48 Million UXLINK Tokens
  • Blockchain(s) Involved → Ethereum, Arbitrum
  • Date of Secondary Exploit → September 23, 2025
  • Threat Group (Secondary) → Allegedly Inferno Drainer Network

A detailed perspective showcases a blue, glitter-textured, open-lattice structure, featuring multiple embedded metallic bearings. A silver-toned tool with a blue accent is precisely inserted into one of these bearings, highlighting mechanical engagement

Outlook

This incident serves as a critical reminder that the security posture of digital assets extends beyond protocol-level vulnerabilities to encompass the operational security of all participants, including threat actors themselves. Users and protocols must implement stringent multi-factor authentication, exercise extreme caution with wallet signatures, and regularly audit all contract interactions. The “hacker-on-hacker” dynamic may lead to increased vigilance among criminal elements, but for legitimate users, it reinforces the necessity of adopting comprehensive security practices and recognizing phishing as a persistent, high-impact threat that targets human judgment.

Intricate metallic components and a network of wires form a complex, layered mechanism in shades of blue. This abstract representation visualizes the sophisticated engineering behind decentralized finance DeFi and blockchain networks

Verdict

The UXLINK “hacker-on-hacker” event decisively demonstrates that even illicitly acquired digital assets remain critically exposed to social engineering, highlighting an enduring vulnerability across the entire decentralized ecosystem.

Signal Acquired from → Coinspeaker.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

decentralized finance

Definition ∞ Decentralized finance, often abbreviated as DeFi, is a system of financial services built on blockchain technology that operates without central intermediaries.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

network

Definition ∞ A network is a system of interconnected computers or devices capable of communication and resource sharing.

digital assets

Definition ∞ Digital assets are any form of property that exists in a digital or electronic format and is capable of being owned and transferred.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

Tags:

Tags: