Briefing

On September 22, 2025, the UXLINK multi-signature wallet suffered a critical exploit, resulting in an estimated $11.3 million loss of digital assets. Attackers leveraged a delegate call vulnerability to seize administrative control, enabling unauthorized fund transfers and the minting of 10 trillion UXLINK tokens, which caused a 70% price collapse and eroded $2.1 billion in market value. This incident highlights the profound systemic risk associated with misconfigured smart contract functions in multi-signature architectures.

Context

Prior to this incident, multi-signature wallets were generally considered a robust security measure, requiring multiple approvals for transactions. However, the prevailing attack surface included the inherent complexity of delegate call functions and the potential for misconfiguration, which could undermine the intended security guarantees. This class of vulnerability often arises when contract logic grants excessive privileges or fails to properly validate external calls, creating an exploitable pathway for adversaries.

Analysis

The incident’s technical mechanics centered on a delegate call vulnerability within UXLINK’s multi-signature wallet, specifically targeting the addOwnerWithThreshold function. The attacker exploited this flaw to remove legitimate admin privileges and replace them with their own address, effectively gaining full control over the wallet. This administrative access then facilitated unauthorized transfers, draining approximately $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH. Concurrently, the attacker minted 10 trillion counterfeit UXLINK tokens on the Arbitrum blockchain, which were then partially liquidated, destabilizing the market and causing a severe price crash.
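A monitoring check for the pattern described above, written as an added example (it is not code from UXLINK or from the source article): it replays decoded wallet transactions and alerts on a delegate call to a target outside an allowlist, an owner added from outside the approved signer roster, a lowered threshold, and the removal of every baseline owner. The record layout, the event names (`AddedOwner`, `RemovedOwner`, `ChangedThreshold`), the operation codes and all identifiers in the sample data are assumptions made for illustration.

```python
CALL, DELEGATECALL = 0, 1  # operation codes assumed for this illustration

def review(owners, threshold, txs, delegate_allowlist, approved_signers):
    """Replay decoded wallet transactions; return a list of (tx_id, reason) alerts."""
    owners, baseline, alerts = set(owners), set(owners), []
    for tx in txs:
        # A delegate call runs the target's code against the wallet's own storage,
        # so any target that has not been reviewed and allowlisted is an alert.
        if tx["operation"] == DELEGATECALL and tx["to"] not in delegate_allowlist:
            alerts.append((tx["id"], "delegatecall to non-allowlisted target"))
        for name, arg in tx["events"]:
            if name == "AddedOwner":
                owners.add(arg)
                if arg not in approved_signers:
                    alerts.append((tx["id"], "unapproved owner added: " + arg))
            elif name == "RemovedOwner":
                owners.discard(arg)
            elif name == "ChangedThreshold":
                if arg < threshold:
                    alerts.append((tx["id"], "threshold lowered %d->%d" % (threshold, arg)))
                threshold = arg
        # Full takeover: none of the originally configured owners is left.
        if not (owners & baseline):
            alerts.append((tx["id"], "no baseline owner remains"))
    return alerts

# Constructed sample input (placeholder names, not real addresses or transactions).
BASELINE = {"owner-A", "owner-B", "owner-C"}
SAMPLE_TXS = [
    {"id": "tx-1", "operation": CALL, "to": "token-contract", "events": []},
    {"id": "tx-2", "operation": DELEGATECALL, "to": "unknown-contract",
     "events": [("AddedOwner", "unknown-X"), ("ChangedThreshold", 1),
                ("RemovedOwner", "owner-A"), ("RemovedOwner", "owner-B"),
                ("RemovedOwner", "owner-C")]},
]

def run_sample():
    return review(BASELINE, 2, SAMPLE_TXS,
                  delegate_allowlist={"approved-library"},
                  approved_signers=BASELINE)

if __name__ == "__main__":
    for tx_id, reason in run_sample():
        print(tx_id, reason)
```

The same checks can run before signing, against a proposed transaction's simulated events, so that signers see the owner-set change before they approve it.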

Parameters

  • Protocol Targeted → UXLINK
  • Attack Vector → Delegate Call Vulnerability (Multi-signature Wallet)
  • Financial Impact → $11.3 Million (total estimated loss)
  • Affected Assets → USDT, USDC, WBTC, ETH, UXLINK tokens
  • Affected Blockchain → Arbitrum
  • Token Price Impact → 70% collapse, $2.1 Billion market value eroded
  • Exploit Date → September 22-23, 2025

Outlook

Immediate mitigation for affected users involved UXLINK’s implementation of a token swap to restore supply integrity, while broader implications necessitate a re-evaluation of multi-signature wallet security. This incident will likely establish new security best practices, emphasizing mandatory smart contract audits, enhanced wallet security measures, and robust collaboration frameworks with exchanges to freeze illicit assets. Protocols must prioritize a “security-first” mindset, investing in continuous audits and bug bounty programs to preempt similar delegate call vulnerabilities.

The UXLINK exploit serves as a critical reminder that even established security primitives like multi-signature wallets are susceptible to sophisticated smart contract vulnerabilities, underscoring the urgent need for continuous auditing and rigorous access control validation across the digital asset landscape.

Signal Acquired from → ainvest.com

Micro Crypto News Feeds

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

delegate call

Definition ∞ A delegate call represents a specialized instruction within Ethereum smart contracts, permitting one contract to execute code from another contract.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

market value

Definition ∞ Market value represents the current worth of an asset as determined by supply and demand in the open marketplace.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

wallet security

Definition ∞ Wallet security refers to the measures and practices implemented to protect digital wallets, which store private keys for accessing and managing digital assets.