Briefing

The UXLINK protocol suffered a critical security breach originating from a delegateCall vulnerability within its multi-signature wallet, granting the attacker unauthorized administrative control. This compromise led to the illicit minting of trillions of CRUXLINK tokens and the draining of significant liquidity, causing a severe market value collapse. In an unusual turn, the primary attacker subsequently fell victim to a phishing scam, losing approximately $43 million in stolen UXLINK tokens to the Inferno Drainer group, complicating recovery efforts.

Context

Prior to this incident, the prevailing risk landscape for DeFi protocols frequently included vulnerabilities within multi-signature wallet implementations and the inherent complexities of delegateCall functions, which, if improperly secured, present a broad attack surface. The reliance on centralized administrative keys or insufficiently audited contract interactions has historically been a vector for significant asset compromise across the ecosystem.

Analysis

The incident centered on a delegateCall vulnerability in UXLINK’s multi-signature wallet, which let the attacker elevate privileges and gain administrator-level access. With that access the attacker executed functions without authorization, specifically transferring existing assets and minting approximately 10 trillion new CRUXLINK tokens on the Arbitrum blockchain. The attacker then systematically liquidated the newly minted and stolen assets across various liquidity pools, causing a sharp devaluation of the token and draining substantial capital. The subsequent phishing of the attacker underscores the pervasive threat of social engineering, even for sophisticated threat actors: the attacker interacted with a malicious contract and granted an approval that allowed a secondary malicious entity to drain the stolen tokens.

Parameters

  • Protocol Targeted ∞ UXLINK
  • Primary Attack Vector ∞ DelegateCall Vulnerability
  • Secondary Attack Vector ∞ Phishing (targeting the initial attacker)
  • Initial Financial Impact ∞ Multi-million dollar asset drain and 10 trillion CRUXLINK tokens minted, causing over 70% price collapse
  • Attacker’s Phishing Loss ∞ Approximately $43 Million (542 million UXLINK tokens)
  • Affected Blockchains ∞ Arbitrum, Ethereum
  • Exploit Date ∞ September 22, 2025
  • Phishing Group ∞ Inferno Drainer

Outlook

Immediate mitigation for protocols involves rigorous, independent audits of all multi-signature wallet implementations and careful scrutiny of delegateCall function usage, ensuring robust access controls and privilege separation. This incident highlights the critical need for continuous on-chain monitoring and rapid response capabilities to identify and contain exploits. Furthermore, the unprecedented scenario of an attacker being phished reinforces the pervasive and evolving nature of social engineering threats, necessitating enhanced user education and proactive security measures across all layers of the digital asset ecosystem to prevent both primary and secondary compromises.
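
One way to put the on-chain monitoring and delegateCall scrutiny described above into practice, as an added example that is not code from UXLINK or from the original report: it walks a transaction call tree and flags any DELEGATECALL a monitored multisig makes into code outside a reviewed allowlist. It assumes traces shaped like geth's callTracer output; the wallet, implementation and other addresses and the allowlist policy are constructed placeholders.

```python
# Added example, not UXLINK's code. Trace shape follows geth's callTracer
# (type/from/to/input/calls). Every address below is a constructed placeholder.
WALLET = "0x" + "aa" * 20            # monitored multisig
IMPLEMENTATION = "0x" + "11" * 20    # reviewed code the wallet may delegate to
ALLOWED_TARGETS = {IMPLEMENTATION}

def find_unapproved_delegatecalls(frame, wallet, allowed, path=()):
    """Walk a call tree; return one finding per DELEGATECALL that `wallet`
    makes into code outside `allowed`."""
    findings = []
    here = path + (frame.get("type", "?"),)
    caller = (frame.get("from") or "").lower()
    target = (frame.get("to") or "").lower()
    if frame.get("type") == "DELEGATECALL" and caller == wallet and target not in allowed:
        findings.append({
            "path": "/".join(here),
            "code_address": target,
            "selector": frame.get("input", "0x")[:10],
            # Delegated code keeps the wallet's identity, so its outgoing
            # calls show the wallet as `from`; list them for triage.
            "actions_as_wallet": [
                (c.get("type"), c.get("to"), c.get("input", "0x")[:10])
                for c in frame.get("calls", [])
            ],
        })
    for child in frame.get("calls", []):
        findings.extend(find_unapproved_delegatecalls(child, wallet, allowed, here))
    return findings

# Constructed trace: one delegatecall into the allowlisted implementation,
# one into unknown code that then calls a token as the wallet.
SAMPLE_TRACE = {
    "type": "CALL", "from": "0x" + "ee" * 20, "to": WALLET, "input": "0x00000000",
    "calls": [
        {"type": "DELEGATECALL", "from": WALLET, "to": IMPLEMENTATION,
         "input": "0x11111111", "calls": []},
        {"type": "DELEGATECALL", "from": WALLET, "to": "0x" + "bb" * 20,
         "input": "0x22222222", "calls": [
             # 0x40c10f19 is the selector of mint(address,uint256)
             {"type": "CALL", "from": WALLET, "to": "0x" + "cc" * 20,
              "input": "0x40c10f19" + "00" * 64, "calls": []},
         ]},
    ],
}

if __name__ == "__main__":
    for f in find_unapproved_delegatecalls(SAMPLE_TRACE, WALLET, ALLOWED_TARGETS):
        print(f)
```

A proxy-based wallet delegatecalls its own implementation on every transaction, which is why that address sits on the allowlist while any other code address raises a finding.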

Verdict

This multi-layered incident underscores the paramount importance of comprehensive smart contract security and the enduring threat of social engineering, even for sophisticated actors, demanding a continuous evolution of defensive strategies across the entire digital asset landscape.

Signal Acquired from ∞ coinjournal.net

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

arbitrum blockchain

Definition ∞ Arbitrum Blockchain is a scaling solution designed to make the Ethereum network faster and cheaper to use.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

phishing

Definition ∞ Phishing, in the digital asset space, involves deceptive practices aimed at tricking individuals into divulging sensitive information, such as private keys or login credentials, typically through fraudulent communications.

asset drain

Definition ∞ This term describes the phenomenon where value or assets are removed from a cryptocurrency network or protocol, often leading to a decrease in its total value.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.