Security

UXLINK Multi-Signature Wallet Exploited, $11.3 Million Drained, Tokens Minted

A `delegateCall` vulnerability in a multi-signature wallet enabled unauthorized token minting and asset draining, posing a critical risk to protocol integrity.
September 24, 20253 min

A sophisticated metallic hardware component prominently displays the Ethereum emblem on its brushed surface. Beneath, intricate mechanical gears and sub-components reveal precision engineering, surrounded by meticulously arranged blue and silver conduits
A striking visual presents a complex blue metallic structure, featuring multiple parallel fins and exposed gears, enveloped by a vibrant flow of white and blue particulate matter. A smooth white sphere is partially visible, interacting with the dynamic cloud-like elements and the central mechanism

Briefing

On September 22, 2025, the UXLINK protocol experienced a significant security incident where attackers exploited a delegateCall vulnerability within its multi-signature wallet. This critical flaw allowed unauthorized administrative access, leading to the minting of 2 billion UXLINK tokens and the subsequent draining of approximately $11.3 million in various assets, including stablecoins, ETH, and WBTC. The immediate consequence was a 70% plummet in the UXLINK token price, erasing $70 million in market capitalization and severely impacting investor trust. Compounding the incident’s complexity, the original exploiter later fell victim to the Inferno Drainer phishing scheme, losing an estimated $48 million of the stolen UXLINK tokens, highlighting the pervasive and interconnected nature of digital asset risks.

The image features white spheres, white rings, and clusters of blue and clear geometric cubes interconnected by transparent lines. These elements form an intricate, abstract system against a dark background, visually representing a sophisticated decentralized network architecture

Context

Prior to this incident, the decentralized finance (DeFi) sector has consistently grappled with an evolving threat landscape, where vulnerabilities in smart contract logic and centralized control points remain significant attack surfaces. The reliance on multi-signature wallets, while intended to enhance security, can introduce critical risks if not meticulously implemented and audited, particularly concerning delegatecall functions. This incident underscores the pre-existing challenge of maintaining robust governance and key management practices within protocols that often claim decentralization but retain centralized administrative capabilities.

A futuristic, ice-covered device with glowing blue internal mechanisms is prominently displayed, featuring a large, moon-like sphere at its core. The intricate structure is partially obscured by frost, highlighting both its advanced technology and its cold, secure nature

Analysis

The attack vector leveraged a delegateCall vulnerability embedded within UXLINK’s multi-signature wallet, a sophisticated smart contract function designed to execute code from another contract in the context of the calling contract. The attacker exploited this flaw to remove legitimate administrators and gain unauthorized control over the contract. This compromise of administrative privileges enabled the malicious actor to mint 2 billion UXLINK tokens, drastically inflating the supply, and subsequently drain $11.3 million worth of assets from the protocol. The success of this exploit highlights a critical failure in the protocol’s access control mechanisms and the inherent risks associated with powerful, yet improperly secured, delegateCall implementations.

The image displays a detailed metallic electronic component, featuring intricate silver and black elements with fine blue wires, encased within a translucent, flowing blue abstract structure. The central component appears to be a precision-engineered device, possibly a specialized processing unit

Parameters

  • Protocol Targeted → UXLINK
  • Vulnerability Type → delegateCall Exploit in Multi-Signature Wallet
  • Initial Financial Impact → $11.3 Million Drained
  • Tokens Minted → 2 Billion UXLINK Tokens
  • Token Price Drop → 70% (from $0.30 to $0.09)
  • Market Cap Erased → $70 Million
  • Secondary Loss (Hacker Phished) → $48 Million (542 million UXLINK tokens)
  • Secondary Attack VectorInferno Drainer Phishing Scheme
  • Date of Initial Exploit → September 22, 2025

A high-tech, dark blue device showcases a prominent central brushed metal button and a smaller button on its left. A glowing blue circuit board pattern is visible beneath a transparent layer, with a translucent, wavy data stream flowing over the central button

Outlook

Immediate mitigation for protocols involves a comprehensive review and re-auditing of all multi-signature wallet implementations, with particular scrutiny on delegateCall functions and access control logic. The incident reinforces the necessity of implementing robust timelocks for sensitive administrative actions and renouncing minting privileges post-launch where appropriate. For users, heightened vigilance against phishing schemes, even those targeting sophisticated actors, remains paramount. This event will likely accelerate the adoption of formal verification techniques and decentralized insurance models across the DeFi ecosystem, establishing new security best practices to combat both protocol-level vulnerabilities and social engineering threats.

The UXLINK exploit, compounded by the subsequent phishing of the attacker, serves as a stark reminder that even sophisticated threat actors are vulnerable, underscoring the critical need for multi-layered security and continuous vigilance across the entire digital asset landscape.

Signal Acquired from → ainvest.com

Micro Crypto News Feeds

delegatecall vulnerability

Definition ∞ A delegatecall vulnerability is a critical security flaw specific to Ethereum smart contracts that utilize the delegatecall opcode.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

tokens

Definition ∞ Tokens are digital units of value or utility that are issued on a blockchain and represent an asset, a right, or access to a service.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

inferno drainer

Definition ∞ Inferno Drainer refers to a specific type of malicious software or scam kit designed to steal digital assets from cryptocurrency users.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

Tags:

Tags: