Skip to main content
Security

UXLINK Multi-Signature Wallet Exploited, $11.3 Million Drained, Tokens Minted

A `delegateCall` vulnerability in a multi-signature wallet enabled unauthorized token minting and asset draining, posing a critical risk to protocol integrity.
September 24, 20253 min

A futuristic, interconnected mechanism floats in a dark, star-speckled expanse, characterized by two large, segmented rings and a central satellite-like module. Intense blue light radiates from the central junction of the rings, illuminating intricate internal components and suggesting active data processing or energy transfer, mirroring the operational dynamics of a Proof-of-Stake PoS consensus algorithm or a Layer 2 scaling solution
A translucent blue device with a smooth, rounded form factor is depicted against a light grey background. Two clear, rounded protrusions, possibly interactive buttons, and a dark rectangular insert are visible on its surface

Briefing

On September 22, 2025, the UXLINK protocol experienced a significant security incident where attackers exploited a delegateCall vulnerability within its multi-signature wallet. This critical flaw allowed unauthorized administrative access, leading to the minting of 2 billion UXLINK tokens and the subsequent draining of approximately $11.3 million in various assets, including stablecoins, ETH, and WBTC. The immediate consequence was a 70% plummet in the UXLINK token price, erasing $70 million in market capitalization and severely impacting investor trust. Compounding the incident’s complexity, the original exploiter later fell victim to the Inferno Drainer phishing scheme, losing an estimated $48 million of the stolen UXLINK tokens, highlighting the pervasive and interconnected nature of digital asset risks.

A futuristic, silver and black hardware device is presented at an angle, featuring a prominent transparent blue section that reveals complex internal components. A central black button and a delicate, ruby-jeweled mechanism, akin to a balance wheel, are clearly visible within this transparent casing

Context

Prior to this incident, the decentralized finance (DeFi) sector has consistently grappled with an evolving threat landscape, where vulnerabilities in smart contract logic and centralized control points remain significant attack surfaces. The reliance on multi-signature wallets, while intended to enhance security, can introduce critical risks if not meticulously implemented and audited, particularly concerning delegatecall functions. This incident underscores the pre-existing challenge of maintaining robust governance and key management practices within protocols that often claim decentralization but retain centralized administrative capabilities.

A prominent, cratered lunar sphere, accompanied by a smaller moonlet, rests among vibrant blue crystalline shards, all contained within a sleek, open metallic ring structure. This intricate arrangement is set upon a pristine white, undulating terrain, with a reflective metallic orb partially visible on the left

Analysis

The attack vector leveraged a delegateCall vulnerability embedded within UXLINK’s multi-signature wallet, a sophisticated smart contract function designed to execute code from another contract in the context of the calling contract. The attacker exploited this flaw to remove legitimate administrators and gain unauthorized control over the contract. This compromise of administrative privileges enabled the malicious actor to mint 2 billion UXLINK tokens, drastically inflating the supply, and subsequently drain $11.3 million worth of assets from the protocol. The success of this exploit highlights a critical failure in the protocol’s access control mechanisms and the inherent risks associated with powerful, yet improperly secured, delegateCall implementations.

A clear sphere encases a white sphere marked with a dark line, positioned before a vibrant, geometric blue structure. This visual composition symbolizes the secure encapsulation of digital assets and protocols within the blockchain ecosystem

Parameters

  • Protocol Targeted ∞ UXLINK
  • Vulnerability Type ∞ delegateCall Exploit in Multi-Signature Wallet
  • Initial Financial Impact ∞ $11.3 Million Drained
  • Tokens Minted ∞ 2 Billion UXLINK Tokens
  • Token Price Drop ∞ 70% (from $0.30 to $0.09)
  • Market Cap Erased ∞ $70 Million
  • Secondary Loss (Hacker Phished) ∞ $48 Million (542 million UXLINK tokens)
  • Secondary Attack VectorInferno Drainer Phishing Scheme
  • Date of Initial Exploit ∞ September 22, 2025

A close-up shot displays a textured, deep blue, porous object encrusted with a thick layer of sparkling white crystalline structures, resembling frost or snowflakes. A central, slightly blurred opening reveals more of the intricate blue interior

Outlook

Immediate mitigation for protocols involves a comprehensive review and re-auditing of all multi-signature wallet implementations, with particular scrutiny on delegateCall functions and access control logic. The incident reinforces the necessity of implementing robust timelocks for sensitive administrative actions and renouncing minting privileges post-launch where appropriate. For users, heightened vigilance against phishing schemes, even those targeting sophisticated actors, remains paramount. This event will likely accelerate the adoption of formal verification techniques and decentralized insurance models across the DeFi ecosystem, establishing new security best practices to combat both protocol-level vulnerabilities and social engineering threats.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that even sophisticated threat actors are vulnerable, underscoring the critical need for multi-layered security and continuous vigilance across the entire digital asset landscape.

Signal Acquired from ∞ ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

Tags:

Tags: