Skip to main content
Security

UXLINK Multi-Signature Wallet Exploited, $11.3 Million Drained, Tokens Minted

A `delegateCall` vulnerability in a multi-signature wallet enabled unauthorized token minting and asset draining, posing a critical risk to protocol integrity.
September 24, 20253 min

The image displays several blue and clear crystalline forms and rough blue rocks, arranged on a textured white surface resembling snow, with a white fabric draped over one rock. A reflective foreground mirrors the scene, set against a soft blue background
The image displays a sophisticated, angular device featuring a metallic silver frame and translucent, flowing blue internal components. A distinct white "1" is visible on one of the blue elements

Briefing

On September 22, 2025, the UXLINK protocol experienced a significant security incident where attackers exploited a delegateCall vulnerability within its multi-signature wallet. This critical flaw allowed unauthorized administrative access, leading to the minting of 2 billion UXLINK tokens and the subsequent draining of approximately $11.3 million in various assets, including stablecoins, ETH, and WBTC. The immediate consequence was a 70% plummet in the UXLINK token price, erasing $70 million in market capitalization and severely impacting investor trust. Compounding the incident’s complexity, the original exploiter later fell victim to the Inferno Drainer phishing scheme, losing an estimated $48 million of the stolen UXLINK tokens, highlighting the pervasive and interconnected nature of digital asset risks.

The image displays a close-up of a high-tech electronic connector, featuring a brushed metallic silver body with prominent blue internal components and multiple black cables. Visible within the blue sections are intricate circuit board elements, including rows of small black rectangular chips and gold-colored contacts

Context

Prior to this incident, the decentralized finance (DeFi) sector has consistently grappled with an evolving threat landscape, where vulnerabilities in smart contract logic and centralized control points remain significant attack surfaces. The reliance on multi-signature wallets, while intended to enhance security, can introduce critical risks if not meticulously implemented and audited, particularly concerning delegatecall functions. This incident underscores the pre-existing challenge of maintaining robust governance and key management practices within protocols that often claim decentralization but retain centralized administrative capabilities.

A detailed perspective showcases precision-engineered metallic components intricately connected by a translucent, deep blue structural element, creating a visually striking and functional assembly. The brushed metal surfaces exhibit fine texture, contrasting with the smooth, glossy finish of the blue part, which appears to securely cradle or interlock with the silver elements

Analysis

The attack vector leveraged a delegateCall vulnerability embedded within UXLINK’s multi-signature wallet, a sophisticated smart contract function designed to execute code from another contract in the context of the calling contract. The attacker exploited this flaw to remove legitimate administrators and gain unauthorized control over the contract. This compromise of administrative privileges enabled the malicious actor to mint 2 billion UXLINK tokens, drastically inflating the supply, and subsequently drain $11.3 million worth of assets from the protocol. The success of this exploit highlights a critical failure in the protocol’s access control mechanisms and the inherent risks associated with powerful, yet improperly secured, delegateCall implementations.

A luminous, multifaceted crystalline gem, akin to a diamond, is encased by a sleek, circular metallic frame with directional indicators, symbolizing movement or transition. This central element is superimposed on a detailed blue printed circuit board, a visual representation of underlying technological architecture

Parameters

  • Protocol Targeted ∞ UXLINK
  • Vulnerability Type ∞ delegateCall Exploit in Multi-Signature Wallet
  • Initial Financial Impact ∞ $11.3 Million Drained
  • Tokens Minted ∞ 2 Billion UXLINK Tokens
  • Token Price Drop ∞ 70% (from $0.30 to $0.09)
  • Market Cap Erased ∞ $70 Million
  • Secondary Loss (Hacker Phished) ∞ $48 Million (542 million UXLINK tokens)
  • Secondary Attack VectorInferno Drainer Phishing Scheme
  • Date of Initial Exploit ∞ September 22, 2025

The intricate design showcases a futuristic device with a central, translucent blue optical component, surrounded by polished metallic surfaces and subtle dark blue accents. A small orange button is visible, hinting at interactive functionality within its complex architecture

Outlook

Immediate mitigation for protocols involves a comprehensive review and re-auditing of all multi-signature wallet implementations, with particular scrutiny on delegateCall functions and access control logic. The incident reinforces the necessity of implementing robust timelocks for sensitive administrative actions and renouncing minting privileges post-launch where appropriate. For users, heightened vigilance against phishing schemes, even those targeting sophisticated actors, remains paramount. This event will likely accelerate the adoption of formal verification techniques and decentralized insurance models across the DeFi ecosystem, establishing new security best practices to combat both protocol-level vulnerabilities and social engineering threats.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that even sophisticated threat actors are vulnerable, underscoring the critical need for multi-layered security and continuous vigilance across the entire digital asset landscape.

Signal Acquired from ∞ ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

Tags:

Tags: