Briefing

On September 22, 2025, the UXLINK multi-signature wallet suffered a critical exploit, resulting in an estimated $11.3 million loss of digital assets. Attackers leveraged a delegate call vulnerability to seize administrative control, enabling unauthorized fund transfers and the minting of 10 trillion UXLINK tokens, which caused a 70% price collapse and eroded $2.1 billion in market value. This incident highlights the profound systemic risk associated with misconfigured smart contract functions in multi-signature architectures.

Context

Prior to this incident, multi-signature wallets were generally considered a robust security measure, requiring multiple approvals for transactions. However, the prevailing attack surface included the inherent complexity of delegate call functions and the potential for misconfiguration, which could undermine the intended security guarantees. This class of vulnerability often arises when contract logic grants excessive privileges or fails to properly validate external calls, creating an exploitable pathway for adversaries.

Analysis

The incident’s technical mechanics centered on a delegate call vulnerability within UXLINK’s multi-signature wallet, specifically targeting the addOwnerWithThreshold function. The attacker exploited this flaw to remove legitimate admin privileges and replace them with their own address, effectively gaining full control over the wallet. This administrative access then facilitated unauthorized transfers, draining approximately $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH. Concurrently, the attacker minted 10 trillion counterfeit UXLINK tokens on the Arbitrum blockchain, which were then partially liquidated, destabilizing the market and causing a severe price crash.
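
A pre-signing check for the pattern described above, as an added example that is not UXLINK's code or part of the original report: it replays queued multisig transactions against a copy of the owner set and flags delegate calls to unlisted targets and owner changes that shift quorum. The dict fields, the `operation` encoding and every method name other than `addOwnerWithThreshold` are assumptions modelled on a Safe-style owner-management interface; all addresses are constructed placeholders.

```python
# Added example: field names and the Safe-style method set are assumptions,
# not UXLINK's code. Addresses are constructed placeholders.
DELEGATECALL = 1  # assumed Safe-style operation enum: 0 = CALL, 1 = DELEGATECALL
OWNER_METHODS = {"addOwnerWithThreshold", "removeOwner", "swapOwner", "changeThreshold"}

def review(proposals, owners, threshold, delegate_allowlist=frozenset()):
    """Replay queued proposals on a copy of the owner set; return (index, finding) pairs."""
    baseline, current, quorum = set(owners), set(owners), threshold
    findings = []
    for i, p in enumerate(proposals):
        if p["operation"] == DELEGATECALL and p["to"] not in delegate_allowlist:
            # The target's code would run against the wallet's own storage.
            findings.append((i, "delegatecall-to-unlisted-target"))
        method, args = p.get("method"), p.get("params", {})
        if method not in OWNER_METHODS:
            continue
        findings.append((i, "owner-change:" + method))
        if method == "addOwnerWithThreshold":
            current.add(args["owner"])
        elif method == "removeOwner":
            current.discard(args["owner"])
        elif method == "swapOwner":
            current.discard(args["oldOwner"])
            current.add(args["newOwner"])
        new_quorum = args.get("_threshold", quorum)
        if new_quorum < quorum:
            findings.append((i, "threshold-lowered"))
        quorum = new_quorum
        if len(current - baseline) >= quorum:
            findings.append((i, "new-owners-reach-quorum"))
        if len(current & baseline) < quorum:
            findings.append((i, "original-owners-lose-quorum"))
    return findings

OWNERS = {"owner-a", "owner-b"}  # constructed 2-of-2 wallet
SAMPLE = [  # constructed queue of decoded proposals
    {"to": "token", "operation": 0, "method": "transfer", "params": {}},
    {"to": "unlisted-lib", "operation": 1, "method": "addOwnerWithThreshold",
     "params": {"owner": "unknown-x", "_threshold": 1}},
    {"to": "wallet", "operation": 0, "method": "removeOwner",
     "params": {"owner": "owner-a", "_threshold": 1}},
    {"to": "wallet", "operation": 0, "method": "removeOwner",
     "params": {"owner": "owner-b", "_threshold": 1}},
]

if __name__ == "__main__":
    for index, finding in review(SAMPLE, OWNERS, threshold=2):
        print(index, finding)
```

Allowlisting a delegate-call target silences only the first finding; the owner and threshold findings still fire, so an approved library cannot quietly change who controls the wallet.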

Parameters

  • Protocol Targeted → UXLINK
  • Attack Vector → Delegate Call Vulnerability (Multi-signature Wallet)
  • Financial Impact → $11.3 Million (total estimated loss)
  • Affected Assets → USDT, USDC, WBTC, ETH, UXLINK tokens
  • Affected Blockchain → Arbitrum
  • Token Price Impact → 70% collapse, $2.1 Billion market value eroded
  • Exploit Date → September 22-23, 2025

Outlook

Immediate mitigation for affected users involved UXLINK’s implementation of a token swap to restore supply integrity, while broader implications necessitate a re-evaluation of multi-signature wallet security. This incident will likely establish new security best practices, emphasizing mandatory smart contract audits, enhanced wallet security measures, and robust collaboration frameworks with exchanges to freeze illicit assets. Protocols must prioritize a “security-first” mindset, investing in continuous audits and bug bounty programs to preempt similar delegate call vulnerabilities.

The UXLINK exploit serves as a critical reminder that even established security primitives like multi-signature wallets are susceptible to sophisticated smart contract vulnerabilities, underscoring the urgent need for continuous auditing and rigorous access control validation across the digital asset landscape.

Signal Acquired from → ainvest.com

Micro Crypto News Feeds

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

delegate call

Definition ∞ A delegate call represents a specialized instruction within Ethereum smart contracts, permitting one contract to execute code from another contract.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

market value

Definition ∞ Market value represents the current worth of an asset as determined by supply and demand in the open marketplace.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

wallet security

Definition ∞ Wallet security refers to the measures and practices implemented to protect digital wallets, which store private keys for accessing and managing digital assets.