Skip to main content
Security

UXLINK Multi-Signature Wallet Compromised, Attacker Funds Phished

A delegate call vulnerability in UXLINK's multi-signature wallet granted unauthorized administrative control, enabling illicit token minting and subsequent fund exfiltration, highlighting critical smart contract design flaws.
September 27, 20253 min

A close-up view presents a futuristic, metallic hardware device, partially adorned with granular frost, held by a white, textured glove. The device's open face reveals an intricate arrangement of faceted blue and silver geometric forms nestled within its internal structure
A metallic, silver-toned electronic component, featuring intricate details and connection points, is partially enveloped by a translucent, vibrant blue, fluid-like substance. The substance forms a protective, organic-looking casing around the component, with light reflecting off its glossy surfaces, highlighting its depth and smooth contours against a soft grey background

Briefing

A critical delegate call vulnerability within UXLINK’s multi-signature wallet enabled an attacker to gain administrative control, leading to the unauthorized minting of approximately 10 trillion CRUXLINK tokens and the subsequent exfiltration of assets. This exploit, occurring on September 22-23, 2025, caused the CRUXLINK token to plummet over 70% and resulted in millions of dollars in losses from liquidity pools. In an unprecedented turn, the initial attacker later became a victim themselves, losing an estimated $43 million of the stolen UXLINK tokens to a sophisticated phishing attack orchestrated by the Inferno Drainer group.

A detailed view presents a complex, cubic technological device featuring intricate blue and black components, surrounded by interconnected cables. The central element on top is a blue circular dial with a distinct logo, suggesting a high-level control or identification mechanism

Context

Prior to this incident, multi-signature wallets, while designed for enhanced security through multiple approvals, have consistently presented an attack surface when misconfigured or containing faulty code. The prevailing risk factors include vulnerabilities in call protocols that can escalate to administrative-level control, alongside human element risks such as phishing or private key compromise. The UXLINK exploit leveraged a known class of smart contract vulnerability, underscoring the persistent need for rigorous auditing and secure contract design in complex DeFi protocols.

A translucent, frosted rectangular device with rounded corners is depicted, featuring a central circular lens and two grey control buttons on its right side. Inside the device, a vibrant blue, textured, organic-like structure is visible through the clear lens, resting on a dark blue base

Analysis

The incident’s technical mechanics centered on a delegate call vulnerability embedded within UXLINK’s multi-signature wallet contract. This flaw permitted the attacker to invoke delegatecall with malicious parameters, effectively granting administrative privileges and bypassing intended access controls. With elevated permissions, the attacker proceeded to mint an unauthorized volume of CRUXLINK tokens on the Arbitrum blockchain, subsequently liquidating these newly created assets for more stable cryptocurrencies like ETH and USDC, thereby draining liquidity pools and devaluing the native token. The attacker then engaged in extensive on-chain shuffling, converting approximately 1,620 ETH, valued at $6.8 million, into DAI stablecoins to obscure the trail.

A close-up view reveals a polished, metallic object, possibly a hardware wallet, partially encased within a vibrant blue, translucent framework. The entire structure is visibly covered in a layer of white frost, creating a striking contrast and suggesting extreme cold

Parameters

  • Protocol Targeted ∞ UXLINK
  • Initial Attack Vector ∞ Delegate Call Vulnerability in Multi-Signature Wallet
  • Primary Blockchain Affected ∞ Arbitrum
  • Initial Financial Impact ∞ Approximately 10 trillion CRUXLINK tokens minted, causing over 70% token crash; $6.8 million ETH converted to DAI by attacker.
  • Secondary Attack Vector (on Attacker)Phishing Attack
  • Secondary Financial Impact (on Attacker) ∞ $43 million in UXLINK tokens lost to Inferno Drainer.
  • Incident Start Date ∞ September 22, 2025

A futuristic device with a transparent blue shell and metallic silver accents is displayed on a smooth, gray surface. Its design features two circular cutouts on the top, revealing complex mechanical components, alongside various ports and indicators on its sides

Outlook

Immediate mitigation for users involves exercising extreme caution with any UXLINK-related transactions and awaiting official guidance on token migration. This incident highlights the critical need for protocols to implement continuous security monitoring, robust smart contract audits, and multi-layered defense strategies, especially for core infrastructure like multi-signature wallets. The “hacker-on-hacker” element further emphasizes that even sophisticated threat actors are susceptible to social engineering, reinforcing the universality of fundamental cybersecurity hygiene. This event will likely prompt renewed calls for stricter regulatory oversight and enhanced industry standards for wallet security and token minting procedures across the DeFi ecosystem.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that both technical vulnerabilities and human factors remain critical vectors for digital asset compromise, necessitating comprehensive security postures for all participants.

Signal Acquired from ∞ livebitcoinnews.com

Micro Crypto News Feeds

administrative control

Definition ∞ Administrative control denotes the authority an individual or entity possesses over a digital system, protocol, or asset.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

phishing attack

Definition ∞ A phishing attack is a fraudulent attempt to obtain sensitive information, such as usernames, passwords, and financial details, by disguising oneself as a trustworthy entity in electronic communication.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

token migration

Definition ∞ Token migration is the process of transferring digital tokens from one blockchain network or smart contract to another.

Tags:

Tags: