Security

UXLINK Multi-Signature Wallet Compromised, $11 Million Drained and Tokens Minted

A critical vulnerability in UXLINK's multi-signature wallet allowed attackers to seize control, drain assets, and mint new tokens, posing severe systemic risk to the protocol.
September 23, 20253 min

A close-up view reveals a sophisticated, translucent blue electronic device with a central, raised metallic button. Luminous blue patterns resembling flowing energy or data are visible beneath the transparent surface, extending across the device's length
A clear, faceted crystalline object is centrally positioned within a broken white ring, superimposed on a detailed, luminous blue circuit board. This imagery evokes the cutting edge of digital security and decentralized systems

Briefing

On September 23, 2025, the UXLINK decentralized social project experienced a severe security incident where attackers compromised its multi-signature wallet, resulting in the theft of over $11 million in various digital assets. This breach was compounded by the unauthorized minting of an additional 1 billion UXLINK tokens on the Arbitrum chain, which caused the token’s market value to drop by nearly 65% overnight. The immediate consequence for the protocol was a significant loss of capital and a drastic devaluation of its native token, highlighting a critical failure in access control mechanisms.

A bright white sphere is surrounded by numerous shimmering blue crystalline cubes, forming a central, intricate mass. White, smooth, curved conduits and thin dark filaments emanate from this core, weaving through a blurred background of similar blue and white elements

Context

Prior to this incident, the prevailing risk factors in the DeFi landscape included vulnerabilities in multi-signature wallet implementations and inadequate access control logic within smart contracts. Such vulnerabilities, if not rigorously audited and secured, present an attractive attack surface for malicious actors seeking to manipulate protocol functions like token minting or asset transfers. The incident underscores the persistent threat posed by compromised administrative keys or flawed governance mechanisms in decentralized systems.

A futuristic, segmented white sphere is partially submerged in dark, reflective water, with vibrant blue, crystalline formations emerging from its central opening. These icy structures spill into the water, forming a distinct mass on the surface

Analysis

The incident’s technical mechanics involved the compromise of UXLINK’s multi-signature wallet, where attackers gained unauthorized control over administrative privileges. Specifically, the attacker utilized a delegateCall operation to remove existing administrator permissions and subsequently invoked addOwnerWithThreshold to establish new, malicious control. This enabled the illicit transfer of approximately $11.3 million in assets, including USDT, USDC, WBTC, and ETH, which were then bridged and swapped across Ethereum and Arbitrum. Following the asset drain, the attackers leveraged their newfound control to mint an additional 1 billion UXLINK tokens on Arbitrum, exacerbating the financial impact and market instability.

A striking visual depicts two distinct, angular structures rising from dark, rippled water, partially obscured by white, voluminous clouds. One structure is a highly reflective silver, while the other is a fractured, deep blue block with intricate white patterns

Parameters

  • Protocol Targeted → UXLINK
  • Vulnerability → Multi-signature wallet compromise, unauthorized minting
  • Financial Impact → Over $11 million in initial asset drain, plus 1 billion tokens minted
  • Blockchain(s) Affected → Ethereum, Arbitrum
  • Date of Incident → September 23, 2025
  • Initial Assets Stolen → $4 million USDT, $500,000 USDC, 3.7 WBTC, 25 ETH

The image displays a close-up of a high-tech electronic connector, featuring a brushed metallic silver body with prominent blue internal components and multiple black cables. Visible within the blue sections are intricate circuit board elements, including rows of small black rectangular chips and gold-colored contacts

Outlook

In response to this breach, UXLINK is initiating a token swap and developing a compensation plan for affected users, while emphasizing that individual user wallets remain secure. Immediate mitigation steps for similar protocols include a comprehensive re-evaluation of multi-signature wallet security, particularly focusing on delegateCall and addOwnerWithThreshold functions. This incident will likely reinforce the necessity for stringent smart contract audits, enhanced access control protocols, and the integration of hardware wallets for critical asset storage, setting new benchmarks for operational resilience in the DeFi ecosystem.

The UXLINK multi-signature wallet compromise and subsequent token minting underscore the paramount importance of robust access control and continuous security audits in safeguarding decentralized finance protocols against sophisticated exploitation.

Signal Acquired from → binance.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

asset drain

Definition ∞ This term describes the phenomenon where value or assets are removed from a cryptocurrency network or protocol, often leading to a decrease in its total value.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

compensation plan

Definition ∞ A Compensation Plan outlines the structure for remunerating individuals or entities for their contributions within a decentralized protocol or organization.

Tags:

Tags: