Briefing

The UXLINK protocol suffered a critical security breach originating from a delegateCall vulnerability within its multi-signature wallet, granting the attacker unauthorized administrative control. This compromise led to the illicit minting of trillions of CRUXLINK tokens and the draining of significant liquidity, causing a severe market value collapse. In an unusual turn, the primary attacker subsequently fell victim to a phishing scam, losing approximately $43 million in stolen UXLINK tokens to the Inferno Drainer group, complicating recovery efforts.

Context

Prior to this incident, the prevailing risk landscape for DeFi protocols frequently included vulnerabilities within multi-signature wallet implementations and the inherent complexities of delegateCall functions, which, if improperly secured, present a broad attack surface. The reliance on centralized administrative keys or insufficiently audited contract interactions has historically been a vector for significant asset compromise across the ecosystem.

Analysis

The incident’s technical mechanics centered on exploiting a delegateCall vulnerability within UXLINK’s multi-signature wallet, allowing the attacker to elevate privileges and gain administrator-level access. This critical flaw enabled the unauthorized execution of functions, specifically the transfer of existing assets and the egregious minting of approximately 10 trillion new CRUXLINK tokens on the Arbitrum blockchain. The attacker then systematically liquidated these newly minted and stolen assets across various liquidity pools, precipitating a sharp devaluation of the token and the draining of substantial capital. The subsequent phishing of the attacker underscores the pervasive threat of social engineering, even for sophisticated threat actors, as they interacted with a malicious contract, granting approval for their own ill-gotten gains to be drained by a secondary malicious entity.

Parameters

  • Protocol Targeted ∞ UXLINK
  • Primary Attack Vector ∞ DelegateCall Vulnerability
  • Secondary Attack Vector ∞ Phishing (targeting the initial attacker)
  • Initial Financial Impact ∞ Multi-million dollar asset drain and 10 trillion CRUXLINK tokens minted, causing over 70% price collapse
  • Attacker’s Phishing Loss ∞ Approximately $43 Million (542 million UXLINK tokens)
  • Affected Blockchains ∞ Arbitrum, Ethereum
  • Exploit Date ∞ September 22, 2025
  • Phishing Group ∞ Inferno Drainer

Outlook

Immediate mitigation for protocols involves rigorous, independent audits of all multi-signature wallet implementations and careful scrutiny of delegateCall function usage, ensuring robust access controls and privilege separation. This incident highlights the critical need for continuous on-chain monitoring and rapid response capabilities to identify and contain exploits. Furthermore, the unprecedented scenario of an attacker being phished reinforces the pervasive and evolving nature of social engineering threats, necessitating enhanced user education and proactive security measures across all layers of the digital asset ecosystem to prevent both primary and secondary compromises.
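
The monitoring and delegateCall scrutiny described above can be expressed as a small rule set; the Python sketch below is an added illustration, not code from UXLINK or from the original report. The record fields, addresses, allowlist and 1% mint threshold are assumptions, and the sample records are constructed.

```python
# Added example: hypothetical record format and policy values, constructed sample data.
ALLOWED_DELEGATE_TARGETS = {"0xlib_ok"}  # assumed: audited library the wallet may delegatecall
MAX_MINT_PCT = 1                         # assumed: alert when one mint exceeds 1% of supply


def review(records, allowed=ALLOWED_DELEGATE_TARGETS, max_mint_pct=MAX_MINT_PCT):
    """Return (tx, severity, reason) alerts for records given in on-chain order."""
    alerts = []
    risky_tx = set()  # transactions that already contained an unlisted delegatecall
    for r in records:
        kind = r["kind"]
        if kind == "wallet_exec":
            # A delegatecall runs the target's code with the wallet's own storage
            # and authority, so any target outside the allowlist is flagged.
            if r["operation"] == "delegatecall" and r["target"].lower() not in allowed:
                risky_tx.add(r["tx"])
                alerts.append((r["tx"], "high", "delegatecall to unlisted target"))
        elif kind == "owner_change":
            # An owner change in the same transaction as a flagged delegatecall
            # matches the privilege-escalation pattern and is escalated.
            sev = "critical" if r["tx"] in risky_tx else "medium"
            alerts.append((r["tx"], sev, "wallet owner set changed"))
        elif kind == "mint":
            # Integer arithmetic avoids float rounding on large token amounts.
            if r["amount"] * 100 > r["supply_before"] * max_mint_pct:
                alerts.append((r["tx"], "high", "mint exceeds supply threshold"))
    return alerts


# Constructed sample; only the 10 trillion mint size echoes the figure in the briefing.
SAMPLE = [
    {"kind": "wallet_exec", "tx": "0xt1", "operation": "call", "target": "0xtoken"},
    {"kind": "wallet_exec", "tx": "0xt2", "operation": "delegatecall", "target": "0xLIB_OK"},
    {"kind": "wallet_exec", "tx": "0xt3", "operation": "delegatecall", "target": "0xunknown"},
    {"kind": "owner_change", "tx": "0xt3"},
    {"kind": "mint", "tx": "0xt4", "amount": 10_000_000_000_000, "supply_before": 1_000_000_000},
    {"kind": "mint", "tx": "0xt5", "amount": 1_000, "supply_before": 1_000_000_000},
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```
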

Verdict

This multi-layered incident underscores the paramount importance of comprehensive smart contract security and the enduring threat of social engineering, even for sophisticated actors, demanding a continuous evolution of defensive strategies across the entire digital asset landscape.

Signal Acquired from ∞ coinjournal.net

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

arbitrum blockchain

Definition ∞ Arbitrum Blockchain is a scaling solution designed to make the Ethereum network faster and cheaper to use.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

phishing

Definition ∞ Phishing, in the digital asset space, involves deceptive practices aimed at tricking individuals into divulging sensitive information, such as private keys or login credentials, typically through fraudulent communications.

asset drain

Definition ∞ This term describes the phenomenon where value or assets are removed from a cryptocurrency network or protocol, often leading to a decrease in its total value.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.