Briefing

A critical delegate call vulnerability within UXLINK’s multi-signature wallet enabled an attacker to gain administrative control, leading to the unauthorized minting of approximately 10 trillion CRUXLINK tokens and the subsequent exfiltration of assets. This exploit, occurring on September 22-23, 2025, caused the CRUXLINK token to plummet over 70% and resulted in millions of dollars in losses from liquidity pools. In an unprecedented turn, the initial attacker later became a victim themselves, losing an estimated $43 million of the stolen UXLINK tokens to a sophisticated phishing attack orchestrated by the Inferno Drainer group.

Context

Prior to this incident, multi-signature wallets, while designed for enhanced security through multiple approvals, have consistently presented an attack surface when misconfigured or containing faulty code. The prevailing risk factors include vulnerabilities in call protocols that can escalate to administrative-level control, alongside human element risks such as phishing or private key compromise. The UXLINK exploit leveraged a known class of smart contract vulnerability, underscoring the persistent need for rigorous auditing and secure contract design in complex DeFi protocols.

Analysis

The incident’s technical mechanics centered on a delegate call vulnerability embedded within UXLINK’s multi-signature wallet contract. This flaw permitted the attacker to invoke delegatecall with malicious parameters, effectively granting administrative privileges and bypassing intended access controls. With elevated permissions, the attacker proceeded to mint an unauthorized volume of CRUXLINK tokens on the Arbitrum blockchain, subsequently liquidating these newly created assets for more stable cryptocurrencies like ETH and USDC, thereby draining liquidity pools and devaluing the native token. The attacker then engaged in extensive on-chain shuffling, converting approximately 1,620 ETH, valued at $6.8 million, into DAI stablecoins to obscure the trail.
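
Why a delegatecall to an unreviewed target amounts to handing over the wallet's own admin state, shown as a toy Python model added here (it is not UXLINK's contract code, which the page does not show). The class names, addresses and the allowlist guard are assumptions for illustration, and signature checking is left out.

```python
# Toy model (added illustration): CALL vs DELEGATECALL storage context.
# Wallet, Contract, take_over and the addresses are hypothetical names.
from dataclasses import dataclass, field
from typing import Callable, Dict

CALL, DELEGATECALL = 0, 1

@dataclass
class Contract:
    address: str
    code: Callable[[Dict, str], None]          # code(storage, caller)
    storage: Dict = field(default_factory=dict)

def take_over(storage, caller):
    # Constructed callee: rewrites the admin slots of whatever storage it runs in.
    storage["owners"] = {caller}
    storage["threshold"] = 1

class Wallet:
    def __init__(self, owners, threshold, allowed_delegates=()):
        self.storage = {"owners": set(owners), "threshold": threshold}
        self.allowed_delegates = set(allowed_delegates)

    def execute(self, target, operation, caller, guarded):
        # Signature checks are omitted; the model isolates the storage effect.
        if guarded and operation == DELEGATECALL \
                and target.address not in self.allowed_delegates:
            raise PermissionError("delegatecall target not allowlisted")
        if operation == DELEGATECALL:
            target.code(self.storage, caller)    # callee code, WALLET storage
        else:
            target.code(target.storage, caller)  # callee code, callee storage

def demo():
    """Run the same callee three ways; return owners/threshold after each."""
    results = {}
    for op, guarded in ((CALL, False), (DELEGATECALL, False), (DELEGATECALL, True)):
        wallet = Wallet({"0xA", "0xB", "0xC"}, threshold=2)
        target = Contract("0xUNREVIEWED", take_over)
        try:
            wallet.execute(target, op, "0xEVE", guarded)
            owners = sorted(wallet.storage["owners"])
        except PermissionError:
            owners = "rejected"
        results[(op, guarded)] = (owners, wallet.storage["threshold"])
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a plain call the callee only touches its own storage; with delegatecall the same code replaces the wallet's owner set and threshold, which is why reviews of multisig transactions treat the operation type and the delegate target as security-critical fields.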

Parameters

  • Protocol Targeted ∞ UXLINK
  • Initial Attack Vector ∞ Delegate Call Vulnerability in Multi-Signature Wallet
  • Primary Blockchain Affected ∞ Arbitrum
  • Initial Financial Impact ∞ Approximately 10 trillion CRUXLINK tokens minted, causing over 70% token crash; $6.8 million ETH converted to DAI by attacker.
  • Secondary Attack Vector (on Attacker) ∞ Phishing Attack
  • Secondary Financial Impact (on Attacker) ∞ $43 million in UXLINK tokens lost to Inferno Drainer.
  • Incident Start Date ∞ September 22, 2025

Outlook

Immediate mitigation for users involves exercising extreme caution with any UXLINK-related transactions and awaiting official guidance on token migration. This incident highlights the critical need for protocols to implement continuous security monitoring, robust smart contract audits, and multi-layered defense strategies, especially for core infrastructure like multi-signature wallets. The “hacker-on-hacker” element further emphasizes that even sophisticated threat actors are susceptible to social engineering, reinforcing the universality of fundamental cybersecurity hygiene. This event will likely prompt renewed calls for stricter regulatory oversight and enhanced industry standards for wallet security and token minting procedures across the DeFi ecosystem.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that both technical vulnerabilities and human factors remain critical vectors for digital asset compromise, necessitating comprehensive security postures for all participants.

Signal Acquired from ∞ livebitcoinnews.com

Micro Crypto News Feeds

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

phishing attack

Definition ∞ A phishing attack is a fraudulent attempt to obtain sensitive information, such as usernames, passwords, and financial details, by disguising oneself as a trustworthy entity in electronic communication.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

token migration

Definition ∞ Token migration is the process of transferring digital tokens from one blockchain network or smart contract to another.