Security

UXLINK Multi-Signature Wallet Exploited, $11.3 Million Drained, Tokens Minted

A `delegateCall` vulnerability in a multi-signature wallet enabled unauthorized token minting and asset draining, posing a critical risk to protocol integrity.
September 24, 20253 min

A translucent, frosted rectangular module displays two prominent metallic circular buttons, set against a dynamic backdrop of flowing blue and reflective silver elements. This sophisticated interface represents a critical component in secure digital asset management, likely a hardware wallet designed for cold storage of private keys
A dark blue, spherical digital asset is partially enveloped by a translucent, light blue, flowing material. This enveloping layer is speckled with numerous tiny white particles, creating a dynamic, abstract composition against a soft grey background

Briefing

On September 22, 2025, the UXLINK protocol experienced a significant security incident where attackers exploited a delegateCall vulnerability within its multi-signature wallet. This critical flaw allowed unauthorized administrative access, leading to the minting of 2 billion UXLINK tokens and the subsequent draining of approximately $11.3 million in various assets, including stablecoins, ETH, and WBTC. The immediate consequence was a 70% plummet in the UXLINK token price, erasing $70 million in market capitalization and severely impacting investor trust. Compounding the incident’s complexity, the original exploiter later fell victim to the Inferno Drainer phishing scheme, losing an estimated $48 million of the stolen UXLINK tokens, highlighting the pervasive and interconnected nature of digital asset risks.

A detailed abstract render showcases glossy white spheres, acting as interconnected nodes, linked by silver metallic rods. The core of this structure is filled with an abundance of sparkling, multifaceted blue crystalline shapes, resembling digital assets

Context

Prior to this incident, the decentralized finance (DeFi) sector has consistently grappled with an evolving threat landscape, where vulnerabilities in smart contract logic and centralized control points remain significant attack surfaces. The reliance on multi-signature wallets, while intended to enhance security, can introduce critical risks if not meticulously implemented and audited, particularly concerning delegatecall functions. This incident underscores the pre-existing challenge of maintaining robust governance and key management practices within protocols that often claim decentralization but retain centralized administrative capabilities.

A translucent, melting ice formation sits precariously on a detailed blue electronic substrate, evoking the concept of frozen liquidity within the cryptocurrency ecosystem. This imagery highlights the fragility of digital asset markets and the potential for blockchain network disruptions

Analysis

The attack vector leveraged a delegateCall vulnerability embedded within UXLINK’s multi-signature wallet, a sophisticated smart contract function designed to execute code from another contract in the context of the calling contract. The attacker exploited this flaw to remove legitimate administrators and gain unauthorized control over the contract. This compromise of administrative privileges enabled the malicious actor to mint 2 billion UXLINK tokens, drastically inflating the supply, and subsequently drain $11.3 million worth of assets from the protocol. The success of this exploit highlights a critical failure in the protocol’s access control mechanisms and the inherent risks associated with powerful, yet improperly secured, delegateCall implementations.

A futuristic, interconnected mechanism floats in a dark, star-speckled expanse, characterized by two large, segmented rings and a central satellite-like module. Intense blue light radiates from the central junction of the rings, illuminating intricate internal components and suggesting active data processing or energy transfer, mirroring the operational dynamics of a Proof-of-Stake PoS consensus algorithm or a Layer 2 scaling solution

Parameters

  • Protocol Targeted → UXLINK
  • Vulnerability Type → delegateCall Exploit in Multi-Signature Wallet
  • Initial Financial Impact → $11.3 Million Drained
  • Tokens Minted → 2 Billion UXLINK Tokens
  • Token Price Drop → 70% (from $0.30 to $0.09)
  • Market Cap Erased → $70 Million
  • Secondary Loss (Hacker Phished) → $48 Million (542 million UXLINK tokens)
  • Secondary Attack VectorInferno Drainer Phishing Scheme
  • Date of Initial Exploit → September 22, 2025

A modern, white and metallic cylindrical apparatus lies partially submerged in dark blue, rippling water, actively discharging a large volume of white, powdery substance. The substance forms a significant pile both emerging from the device and spreading across the water's surface

Outlook

Immediate mitigation for protocols involves a comprehensive review and re-auditing of all multi-signature wallet implementations, with particular scrutiny on delegateCall functions and access control logic. The incident reinforces the necessity of implementing robust timelocks for sensitive administrative actions and renouncing minting privileges post-launch where appropriate. For users, heightened vigilance against phishing schemes, even those targeting sophisticated actors, remains paramount. This event will likely accelerate the adoption of formal verification techniques and decentralized insurance models across the DeFi ecosystem, establishing new security best practices to combat both protocol-level vulnerabilities and social engineering threats.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that even sophisticated threat actors are vulnerable, underscoring the critical need for multi-layered security and continuous vigilance across the entire digital asset landscape.

Signal Acquired from → ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

Tags:

Tags: