Skip to main content
Security

UXLINK Multi-Signature Wallet Compromised via DelegateCall Exploit

A delegateCall vulnerability in UXLINK's multi-signature wallet allowed attackers to seize control, mint tokens, and drain $11.3 million in assets, highlighting critical governance and key management flaws.
September 24, 20253 min

A bright white sphere is surrounded by numerous shimmering blue crystalline cubes, forming a central, intricate mass. White, smooth, curved conduits and thin dark filaments emanate from this core, weaving through a blurred background of similar blue and white elements
A prominent circular metallic button is centrally positioned within a sleek, translucent blue device, revealing intricate internal components. The device's polished surface reflects ambient light, highlighting its modern, high-tech aesthetic

Briefing

On September 22, 2025, the UXLINK Web3 social infrastructure project experienced a severe security incident, with attackers exploiting a critical delegateCall vulnerability within its multi-signature wallet. This compromise led to the unauthorized minting of approximately 2 billion UXLINK tokens and the illicit transfer of $11.3 million in assets, including stablecoins, ETH, and WBTC. The immediate consequence was a drastic 70% collapse in the UXLINK token’s value, resulting in a $70 million reduction in market capitalization. The incident further escalated with the original exploiter subsequently falling victim to a phishing attack by the “Inferno Drainer” group, losing $48 million in stolen UXLINK tokens.

The image presents a meticulously rendered cutaway view of a sophisticated, light-colored device, revealing its complex internal machinery and a glowing blue core. Precision-engineered gears and intricate components are visible, encased within a soft-textured exterior

Context

Prior to this incident, the decentralized finance (DeFi) sector has been consistently exposed to systemic risks stemming from complex smart contract interactions and the centralized points of control often inherent in multi-signature wallet designs. The delegateCall function, while powerful for upgradability and modularity, introduces a significant attack surface if not meticulously secured and audited. The prevailing threat landscape includes sophisticated exploits targeting logical flaws in contract execution and social engineering tactics like phishing, which continue to compromise even technically adept actors.

A close-up view presents a high-tech mechanical assembly, featuring a central metallic rod extending from a complex circular structure. This structure comprises a textured grey ring, reflective metallic segments, and translucent outer casing elements, all rendered in cool blue-grey tones

Analysis

The attack vector leveraged a delegateCall vulnerability within UXLINK’s smart contracts on both Ethereum and Arbitrum. This allowed the malicious actor to execute arbitrary code with the privileges of the multi-signature wallet, effectively seizing administrative control. The attacker removed existing administrators, installed their own address as the new owner, and then proceeded to drain existing assets and mint an additional 2 billion UXLINK tokens, nearly doubling the circulating supply.

These newly minted and stolen tokens were then rapidly sold across decentralized exchanges through six different wallets, converting them into 6,732 ETH, valued at approximately $28.1 million. The subsequent loss of $48 million by the original hacker to an Inferno Drainer phishing scheme underscores the pervasive nature of social engineering threats within the digital asset ecosystem.

A sleek, high-tech portable device is presented at an angle, featuring a prominent translucent blue top panel. This panel reveals an array of intricate mechanical gears, ruby bearings, and a central textured circular component, all encased within a polished silver frame

Parameters

  • Protocol Targeted ∞ UXLINK
  • VulnerabilityDelegateCall Exploit in Multi-signature Wallet
  • Date of Incident ∞ September 22, 2025
  • Financial Impact (Initial Exploit) ∞ $11.3 Million (stablecoins, ETH, WBTC)
  • Tokens Minted ∞ Approximately 2 Billion UXLINK tokens
  • Token Price Impact ∞ 70% Crash, $70 Million Market Cap Loss
  • Financial Impact (Hacker Phishing) ∞ $48 Million (542 million UXLINK tokens)
  • Affected Blockchains ∞ Ethereum, Arbitrum
  • Recovery Efforts ∞ Emergency Token Swap, Law Enforcement, PeckShield Engagement

A polished metallic circular component, resembling a secure element, rests centrally on a textured, light-grey substrate, likely a flexible circuit or data ribbon. This assembly is set within a vibrant, translucent blue environment, exhibiting dynamic, reflective contours

Outlook

Immediate mitigation for UXLINK users involves participating in the announced emergency token swap to legitimize holdings and avoid unauthorized tokens. For the broader DeFi ecosystem, this incident reinforces the critical need for rigorous, independent smart contract audits, particularly for complex functions like delegateCall that manage administrative privileges. Protocols must implement robust governance mechanisms and multi-layered security controls to prevent single points of failure. Furthermore, the “Inferno Drainer” incident serves as a stark reminder that even sophisticated threat actors are susceptible to social engineering, emphasizing the universal importance of vigilance against phishing attacks and secure key management practices across all user segments.

The UXLINK exploit, compounded by the subsequent hacker phishing, decisively underscores that systemic vulnerabilities in smart contract design and pervasive social engineering threats remain the primary vectors for capital erosion in the digital asset landscape.

Signal Acquired from ∞ ainvest.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

decentralized finance

Definition ∞ Decentralized finance, often abbreviated as DeFi, is a system of financial services built on blockchain technology that operates without central intermediaries.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

delegatecall exploit

Definition ∞ A delegatecall exploit arises in smart contracts when a contract uses the delegatecall function to execute code from another contract, but fails to properly manage the context of the execution.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

phishing

Definition ∞ Phishing, in the digital asset space, involves deceptive practices aimed at tricking individuals into divulging sensitive information, such as private keys or login credentials, typically through fraudulent communications.

token swap

Definition ∞ A token swap is the exchange of one type of cryptocurrency token for another, often occurring on decentralized or centralized exchanges.

key management

Definition ∞ Key management refers to the systematic process of generating, storing, distributing, using, safeguarding, and revoking cryptographic keys.

Tags:

Tags: