UXLINK plummets over 70%, a comprehensive overview of the event process and analysis

Author: Zhou, ChainCatcher

On the evening of September 22, the Web3 social platform UXLINK encountered a serious security incident. Hackers used delegateCall to remove the original administrator of the project's multi-signature vault and added a self-controlled address, subsequently gaining minting and management capabilities. They transferred USDT, USDC, WBTC, ETH, and some UXLINK from wallets and authorized addresses controlled by the project team, involving approximately $11.3 million in finances.

Subsequently, the hackers illegally minted UXLINK on Arbitrum (over 1 billion tokens) and began to sell off the tokens. According to on-chain tracking data, the hackers sold approximately 490 million UXLINK through six addresses in both decentralized and centralized scenarios, exchanging them for 6,732 ETH, worth about $28.1 million at the time. Additionally, the hackers sold a large amount of UXLINK on various CEXs.

The combination of abnormal supply and concentrated selling triggered a rapid decline in UXLINK's price within a few hours, dropping from about $0.30 to the range of $0.07 to $0.10, with a stage decline of 70% to 77%; its market capitalization fell from about $144 million to $37 million, and the 24-hour trading volume surged by 2622.70% to $309 million.

According to on-chain monitoring data, after the UXLINK project was attacked by hackers, a certain address spent $927,000 to buy UXLINK tokens at an average price of $0.03283. As the price plummeted, the loss rate approached 99.8% at one point.

After the incident, the UXLINK team issued an overnight announcement, stating that they were collaborating with multiple exchanges to freeze the involved funds and suspend related trading, and they were working with law enforcement and security companies to investigate. Meanwhile, the project team promised to announce the details of the token swap soon, warning users not to trade on decentralized exchanges to prevent further losses.

The South Korean exchange Upbit announced on September 23 that it would list UXLINK as a warning asset and suspend deposits, with a review period until October 17, citing insufficient project disclosure and abnormal minting permissions that could lead to user losses, while proposing compensation arrangements for affected accounts.

Market sentiment towards the UXLINK token gradually spread negatively. Ledger's Chief Technology Officer Charles Guillemet pointed out that the wallet still being under hacker control indicates that the private keys have been completely leaked, possibly through software wallets or even plain text seed backups. They attempted to redeem these massive amounts of UXLINK, leading to the complete depletion of liquidity on Uniswap; although it is still unclear how much UXLINK was successfully redeemed, the attackers still hold a large amount of UXLINK, which may become worthless. He also stated that clearing signatures and transaction verification could resolve this issue.

Renowned crypto researcher Jason Chen stated that the UXLINK project suffered an economic model collapse due to the hacker attack, with the hackers infinitely minting tokens, bringing the price close to zero, a situation that is nearly irretrievable, and community trust is rapidly eroding.

It is worth mentioning that on the morning of the 23rd, monitoring showed that the involved address had suspicious interactions and capital outflows again, suggesting that the hackers might have fallen victim to "black eat black." According to a PeckShieldAlert report, the hacker address related to this intrusion was subsequently phished, with a sample marked as Fake_Phishing1309277 transferring 542 million UXLINK, worth about $48 million at the time.

SlowMist founder Yu Xian tweeted that the UXLINK hackers might have encountered an Inferno Drainer phishing attack, and the approximately 542 million UXLINK they previously stole might have been phished away by Inferno Drainer using ordinary authorization phishing methods.

In fact, multi-signature wallet attacks in the cryptocurrency field are not a new occurrence. Statistics show that in 2024, global hacker incidents of this kind caused losses exceeding $2 billion, including security vulnerabilities in the multi-signature wallets of WazirX and Radiant Capital.

In previous cases, common compensation measures taken by project teams to rebuild trust and reduce legal risks included freezing funds, reserve refunds, token swaps, and security upgrades. UXLINK's current plan is a token swap, with specific swap details pending official announcement.

Click to learn about job openings at ChainCatcher