Security

UXLINK Exploiter Loses $48 Million to Sophisticated Phishing Attack

A malicious `increaseAllowance` signature allowed a phishing group to drain $48 million from a prior UXLINK exploiter, underscoring persistent social engineering risks.
September 23, 20253 min

A futuristic, multi-segmented white device with visible internal components and solar panels is partially submerged in turbulent blue water. The water actively splashes around the device, creating numerous bubbles and visible ripples across the surface
The image displays a close-up of a sleek, translucent blue object with a prominent brushed metallic band. A small, circular, luminous blue button or indicator is embedded in the center of the metallic band

Briefing

A recent security incident saw an attacker who initially compromised the UXLINK AI-powered Web3 social platform’s multi-signature wallet fall victim to a sophisticated phishing scam. This “hacker-on-hacker” event resulted in the original exploiter losing approximately $48 million in stolen UXLINK tokens to a secondary threat actor. The incident highlights the pervasive and unpredictable nature of social engineering attacks within the decentralized finance ecosystem, demonstrating that even sophisticated cybercriminals are susceptible to basic security pitfalls.

A close-up view presents an intricate array of blue and silver electronic components, meticulously arranged on what appears to be a complex circuit board. The foreground elements are in sharp focus, revealing detailed micro-components and pathways, while similar structures recede into a blurred background

Context

Prior to this incident, the broader DeFi landscape has consistently faced vulnerabilities stemming from both technical flaws and human factors. While smart contract audits aim to mitigate code-level risks, the attack surface often extends to administrative controls, private key management, and user interaction points. This environment fosters an ongoing threat where even illicitly gained assets remain vulnerable to further exploitation through common cyber threats like phishing, underscoring a systemic lack of robust safeguards in decentralized finance.

A sequence of interconnected white spheres forms the central focus, each surrounded by a dense, intricate arrangement of dark, angular elements emanating electric blue light. These structures are further enveloped and linked by smooth white rings and thin, delicate lines, creating a sense of complex, organized flow

Analysis

The initial UXLINK compromise involved the attacker leveraging a vulnerability within the platform’s multi-signature wallet, executing a delegateCall to alter administrative roles and gain unauthorized control. This allowed the malicious actor to mint and subsequently offload UXLINK tokens, netting approximately $28.1 million in ETH. However, the exploiter’s subsequent downfall was a result of a phishing attack, where they unknowingly signed a malicious increaseAllowance contract. This action granted another threat group, reportedly linked to the Inferno Drainer network, the permissions necessary to transfer the $48 million in stolen UXLINK tokens from the original exploiter’s wallet to their own addresses.

The image displays a disassembled technological component, featuring white, smooth exterior segments separated to reveal glowing blue, translucent internal mechanisms. These intricate parts are centrally aligned on a metallic shaft, with blurred blue elements in the background suggesting a larger, interconnected system

Parameters

  • Initial Victim → UXLINK Platform
  • Secondary Victim → UXLINK Exploiter
  • Initial Attack Vector → Multi-signature Wallet Compromise
  • Secondary Attack Vector → Phishing (Malicious increaseAllowance Signature)
  • Total Funds Lost by Exploiter → $48 Million UXLINK Tokens
  • Blockchain(s) Involved → Ethereum, Arbitrum
  • Date of Secondary Exploit → September 23, 2025
  • Threat Group (Secondary) → Allegedly Inferno Drainer Network

The image presents an abstract, high-tech mechanism featuring translucent blue and clear components in a dynamic arrangement. Two ribbed, cylindrical structures are interconnected by multiple transparent, flexible strands, surrounded by shimmering crystalline spheres against a soft, blurred background

Outlook

This incident serves as a critical reminder that the security posture of digital assets extends beyond protocol-level vulnerabilities to encompass the operational security of all participants, including threat actors themselves. Users and protocols must implement stringent multi-factor authentication, exercise extreme caution with wallet signatures, and regularly audit all contract interactions. The “hacker-on-hacker” dynamic may lead to increased vigilance among criminal elements, but for legitimate users, it reinforces the necessity of adopting comprehensive security practices and recognizing phishing as a persistent, high-impact threat that targets human judgment.

The image displays a sophisticated, angular device featuring a metallic silver frame and translucent, flowing blue internal components. A distinct white "1" is visible on one of the blue elements

Verdict

The UXLINK “hacker-on-hacker” event decisively demonstrates that even illicitly acquired digital assets remain critically exposed to social engineering, highlighting an enduring vulnerability across the entire decentralized ecosystem.

Signal Acquired from → Coinspeaker.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

decentralized finance

Definition ∞ Decentralized finance, often abbreviated as DeFi, is a system of financial services built on blockchain technology that operates without central intermediaries.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

network

Definition ∞ A network is a system of interconnected computers or devices capable of communication and resource sharing.

digital assets

Definition ∞ Digital assets are any form of property that exists in a digital or electronic format and is capable of being owned and transferred.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

Tags:

Tags: