Briefing

A significant security incident has impacted UXLINK, a Web3 social platform, resulting in the compromise of its multi-signature wallet and the exfiltration of approximately $11.3 million in various cryptocurrencies. The attackers gained unauthorized administrative control, enabling them to drain existing assets and illicitly mint an additional 1 billion UXLINK tokens, which caused a nearly 70% devaluation of the token. This breach highlights critical access control deficiencies within the protocol’s core infrastructure.

Context

Prior to this incident, the broader DeFi ecosystem consistently faced risks associated with centralized administrative controls and multi-signature wallet implementations. These components, while offering operational flexibility, frequently present an expanded attack surface if not rigorously secured and audited. The rapid iteration cycle common in Web3 projects often leads to overlooked vulnerabilities in critical smart contract logic and governance mechanisms.

Analysis

The incident originated from a vulnerability within UXLINK’s multi-signature wallet, which permitted attackers to escalate privileges and assume administrator roles. This compromise granted the malicious actor the ability to transfer substantial quantities of assets, including USDT, USDC, WBTC, and ETH, to external addresses across multiple chains. Concurrently, the attacker leveraged their newfound control to mint an unauthorized 1 billion UXLINK tokens, diluting the existing supply and severely impacting market stability.
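
The sequence described above (an admin-set change on the multi-signature wallet, then asset transfers and an oversized mint) can be expressed as a correlation rule for monitoring. This is an added example, not UXLINK's code or data: the event kinds, field names, wallet labels, time window and mint cap are assumptions, and every event is constructed except the 1 billion mint amount, which is taken from this briefing.

```python
# Added example: correlate admin-set changes on a multisig with follow-on
# privileged actions. Event kinds and field names are hypothetical normalized
# names a monitoring pipeline might emit after decoding contract logs.
ADMIN_CHANGES = {"owner_added", "owner_removed", "threshold_changed", "role_granted"}
PRIVILEGED = {"mint", "transfer_out"}

# Constructed sample events (not real chain data); "t" is seconds.
EVENTS = [
    {"t": 100,   "tx": "c1", "wallet": "treasury", "kind": "threshold_changed", "amount": 0},
    {"t": 5100,  "tx": "c2", "wallet": "treasury", "kind": "transfer_out", "amount": 20_000},
    {"t": 10000, "tx": "c3", "wallet": "treasury", "kind": "owner_added", "amount": 0},
    {"t": 10050, "tx": "c4", "wallet": "treasury", "kind": "threshold_changed", "amount": 0},
    {"t": 10200, "tx": "c5", "wallet": "treasury", "kind": "transfer_out", "amount": 4_000_000},
    {"t": 10900, "tx": "c6", "wallet": "treasury", "kind": "mint", "amount": 1_000_000_000},
    {"t": 10950, "tx": "c7", "wallet": "ops", "kind": "mint", "amount": 5_000},
]
# Transaction ids matched to a change-management record (assumed process).
APPROVED_CHANGES = {"c1"}


def detect(events, approved_changes, window=3600, mint_cap=10_000_000):
    """Return (tx, rule) alerts in time order."""
    alerts = []
    last_change = {}  # wallet -> time of its most recent admin-set change
    for e in sorted(events, key=lambda ev: ev["t"]):
        wallet = e["wallet"]
        if e["kind"] in ADMIN_CHANGES:
            last_change[wallet] = e["t"]
            if e["tx"] not in approved_changes:
                alerts.append((e["tx"], "unapproved_admin_change"))
        elif e["kind"] in PRIVILEGED:
            if e["kind"] == "mint" and e["amount"] > mint_cap:
                alerts.append((e["tx"], "mint_over_cap"))
            changed = last_change.get(wallet)
            # Privileged action shortly after the signer set or threshold moved.
            if changed is not None and e["t"] - changed <= window:
                alerts.append((e["tx"], "privileged_action_after_admin_change"))
    return alerts


if __name__ == "__main__":
    for tx, rule in detect(EVENTS, APPROVED_CHANGES):
        print(tx, rule)
```
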

Parameters

  • Protocol Targeted ∞ UXLINK
  • Vulnerability ∞ Multi-signature wallet compromise, Admin privilege escalation
  • Initial Financial Impact ∞ $11.3 Million (various cryptocurrencies)
  • Additional Impact ∞ 1 Billion UXLINK tokens illicitly minted
  • Affected Blockchains ∞ Multiple chains (assets bridged)
  • Date of Detection ∞ September 23, 2025
  • Attacker Wallet Address ∞ 0xde153534428aae1269adc1459ebbe78ba0ea92a2
  • Subsequent Event ∞ Hacker fell victim to Inferno Drainer phishing, losing 542 million UXLINK tokens

Outlook

Immediate mitigation requires UXLINK to finalize asset recovery, implement a comprehensive compensation plan, and conduct a thorough overhaul of its multi-signature security architecture, including potential hardware wallet integration. This incident underscores the persistent threat of compromised administrative keys and the critical need for robust access control mechanisms across all Web3 platforms. Protocols with similar centralized governance structures must proactively review and audit their multi-signature implementations to prevent comparable exploits and safeguard user assets.

The UXLINK multi-signature wallet compromise and subsequent token minting represent a severe failure in access control. The attacker's later loss of tokens to a phishing drainer shows that even sophisticated threat actors are susceptible to phishing, underscoring the universal nature of social engineering risks.

Signal Acquired from ∞ binance.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

phishing

Definition ∞ Phishing, in the digital asset space, involves deceptive practices aimed at tricking individuals into divulging sensitive information, such as private keys or login credentials, typically through fraudulent communications.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.