Security

UXLINK Multi-Signature Wallet Compromised, $11 Million Drained and Tokens Minted

A critical vulnerability in UXLINK's multi-signature wallet allowed attackers to seize control, drain assets, and mint new tokens, posing severe systemic risk to the protocol.
September 23, 20253 min

A close-up view showcases a finely engineered metallic hub, encircled by an array of transparent, faceted blue blades that appear crystalline and highly reflective. This intricate structure is suggestive of an advanced mechanical or digital system, with the blades radiating outwards from the central core
The image displays a close-up of a sleek, transparent electronic device, revealing its intricate internal components. A prominent brushed metallic chip, likely a secure element, is visible through the blue-tinted translucent casing, alongside a circular button and glowing blue circuitry

Briefing

On September 23, 2025, the UXLINK decentralized social project experienced a severe security incident where attackers compromised its multi-signature wallet, resulting in the theft of over $11 million in various digital assets. This breach was compounded by the unauthorized minting of an additional 1 billion UXLINK tokens on the Arbitrum chain, which caused the token’s market value to drop by nearly 65% overnight. The immediate consequence for the protocol was a significant loss of capital and a drastic devaluation of its native token, highlighting a critical failure in access control mechanisms.

A prominent circular metallic button is centrally positioned within a sleek, translucent blue device, revealing intricate internal components. The device's polished surface reflects ambient light, highlighting its modern, high-tech aesthetic

Context

Prior to this incident, the prevailing risk factors in the DeFi landscape included vulnerabilities in multi-signature wallet implementations and inadequate access control logic within smart contracts. Such vulnerabilities, if not rigorously audited and secured, present an attractive attack surface for malicious actors seeking to manipulate protocol functions like token minting or asset transfers. The incident underscores the persistent threat posed by compromised administrative keys or flawed governance mechanisms in decentralized systems.

A futuristic transparent device, resembling an advanced hardware wallet or cryptographic module, displays intricate internal components illuminated with a vibrant blue glow. The top surface features tactile buttons, including one marked with an '8', and a central glowing square, suggesting sophisticated user interaction for secure operations

Analysis

The incident’s technical mechanics involved the compromise of UXLINK’s multi-signature wallet, where attackers gained unauthorized control over administrative privileges. Specifically, the attacker utilized a delegateCall operation to remove existing administrator permissions and subsequently invoked addOwnerWithThreshold to establish new, malicious control. This enabled the illicit transfer of approximately $11.3 million in assets, including USDT, USDC, WBTC, and ETH, which were then bridged and swapped across Ethereum and Arbitrum. Following the asset drain, the attackers leveraged their newfound control to mint an additional 1 billion UXLINK tokens on Arbitrum, exacerbating the financial impact and market instability.

A polished blue, geometrically designed device, featuring a prominent silver and black circular mechanism, rests partially covered in white, fine-bubbled foam. The object's metallic sheen reflects ambient light against a soft grey background

Parameters

  • Protocol Targeted → UXLINK
  • Vulnerability → Multi-signature wallet compromise, unauthorized minting
  • Financial Impact → Over $11 million in initial asset drain, plus 1 billion tokens minted
  • Blockchain(s) Affected → Ethereum, Arbitrum
  • Date of Incident → September 23, 2025
  • Initial Assets Stolen → $4 million USDT, $500,000 USDC, 3.7 WBTC, 25 ETH

A modern, elongated device features a sleek silver top and dark base, with a transparent blue section showcasing intricate internal clockwork mechanisms, including visible gears and ruby jewels. Side details include a tactile button and ventilation grilles, suggesting active functionality

Outlook

In response to this breach, UXLINK is initiating a token swap and developing a compensation plan for affected users, while emphasizing that individual user wallets remain secure. Immediate mitigation steps for similar protocols include a comprehensive re-evaluation of multi-signature wallet security, particularly focusing on delegateCall and addOwnerWithThreshold functions. This incident will likely reinforce the necessity for stringent smart contract audits, enhanced access control protocols, and the integration of hardware wallets for critical asset storage, setting new benchmarks for operational resilience in the DeFi ecosystem.

The UXLINK multi-signature wallet compromise and subsequent token minting underscore the paramount importance of robust access control and continuous security audits in safeguarding decentralized finance protocols against sophisticated exploitation.

Signal Acquired from → binance.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

asset drain

Definition ∞ This term describes the phenomenon where value or assets are removed from a cryptocurrency network or protocol, often leading to a decrease in its total value.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

compensation plan

Definition ∞ A Compensation Plan outlines the structure for remunerating individuals or entities for their contributions within a decentralized protocol or organization.

Tags:

Tags: