Security

UXLINK Multi-Signature Wallet Compromised, $11 Million Drained and Tokens Minted

A critical vulnerability in UXLINK's multi-signature wallet allowed attackers to seize control, drain assets, and mint new tokens, posing severe systemic risk to the protocol.
September 23, 20253 min

The image showcases a high-precision hardware component, featuring a prominent brushed metal cylinder partially enveloped by a translucent blue casing. Below this, a dark, wavy-edged interface is meticulously framed by polished metallic accents, set against a muted grey background
A close-up view presents a high-tech mechanical assembly, featuring a central metallic rod extending from a complex circular structure. This structure comprises a textured grey ring, reflective metallic segments, and translucent outer casing elements, all rendered in cool blue-grey tones

Briefing

On September 23, 2025, the UXLINK decentralized social project experienced a severe security incident where attackers compromised its multi-signature wallet, resulting in the theft of over $11 million in various digital assets. This breach was compounded by the unauthorized minting of an additional 1 billion UXLINK tokens on the Arbitrum chain, which caused the token’s market value to drop by nearly 65% overnight. The immediate consequence for the protocol was a significant loss of capital and a drastic devaluation of its native token, highlighting a critical failure in access control mechanisms.

A metallic, cylindrical mechanism forms the central element, partially submerged and intertwined with a viscous, translucent blue fluid. This fluid is densely covered by a frothy, lighter blue foam, suggesting a dynamic process

Context

Prior to this incident, the prevailing risk factors in the DeFi landscape included vulnerabilities in multi-signature wallet implementations and inadequate access control logic within smart contracts. Such vulnerabilities, if not rigorously audited and secured, present an attractive attack surface for malicious actors seeking to manipulate protocol functions like token minting or asset transfers. The incident underscores the persistent threat posed by compromised administrative keys or flawed governance mechanisms in decentralized systems.

A compact, intricate mechanical device is depicted, showcasing a sophisticated assembly of metallic silver and electric blue components. The blue elements are intricately etched with circuit board patterns, highlighting its electronic and digital nature

Analysis

The incident’s technical mechanics involved the compromise of UXLINK’s multi-signature wallet, where attackers gained unauthorized control over administrative privileges. Specifically, the attacker utilized a delegateCall operation to remove existing administrator permissions and subsequently invoked addOwnerWithThreshold to establish new, malicious control. This enabled the illicit transfer of approximately $11.3 million in assets, including USDT, USDC, WBTC, and ETH, which were then bridged and swapped across Ethereum and Arbitrum. Following the asset drain, the attackers leveraged their newfound control to mint an additional 1 billion UXLINK tokens on Arbitrum, exacerbating the financial impact and market instability.

A detailed macro shot showcases a sophisticated mechanical apparatus, centered around a black cylindrical control element firmly secured to a vibrant blue metallic baseplate by several silver screws. A dense entanglement of diverse cables, including braided silver strands and smooth black and blue conduits, intricately interconnects various parts of the assembly, emphasizing systemic complexity and precision engineering

Parameters

  • Protocol Targeted → UXLINK
  • Vulnerability → Multi-signature wallet compromise, unauthorized minting
  • Financial Impact → Over $11 million in initial asset drain, plus 1 billion tokens minted
  • Blockchain(s) Affected → Ethereum, Arbitrum
  • Date of Incident → September 23, 2025
  • Initial Assets Stolen → $4 million USDT, $500,000 USDC, 3.7 WBTC, 25 ETH

A central white sphere is meticulously held by a complex, metallic framework. This entire assembly is embedded within a textured, blue, ice-like matrix

Outlook

In response to this breach, UXLINK is initiating a token swap and developing a compensation plan for affected users, while emphasizing that individual user wallets remain secure. Immediate mitigation steps for similar protocols include a comprehensive re-evaluation of multi-signature wallet security, particularly focusing on delegateCall and addOwnerWithThreshold functions. This incident will likely reinforce the necessity for stringent smart contract audits, enhanced access control protocols, and the integration of hardware wallets for critical asset storage, setting new benchmarks for operational resilience in the DeFi ecosystem.

The UXLINK multi-signature wallet compromise and subsequent token minting underscore the paramount importance of robust access control and continuous security audits in safeguarding decentralized finance protocols against sophisticated exploitation.

Signal Acquired from → binance.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

wallet compromise

Definition ∞ A wallet compromise signifies a security breach where an unauthorized party gains access to a user's private keys or recovery phrases.

asset drain

Definition ∞ This term describes the phenomenon where value or assets are removed from a cryptocurrency network or protocol, often leading to a decrease in its total value.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

compensation plan

Definition ∞ A Compensation Plan outlines the structure for remunerating individuals or entities for their contributions within a decentralized protocol or organization.

Tags:

Tags: