UXLINK plummeted over 70%, an article to understand the event process and analysis

Author: Zhou, ChainCatcher

On the evening of September 22, the Web3 social platform UXLINK encountered a serious security incident. Hackers used delegateCall to remove the original administrator of the project's multi-signature vault and added a self-controlled address, subsequently gaining minting and management authority. They transferred USDT, USDC, WBTC, ETH, and some UXLINK from wallets and authorized addresses controlled by the project, involving approximately $11.3 million in finance.

Subsequently, the hackers illegally minted UXLINK on Arbitrum (over 1 billion tokens) and began to sell it off. According to on-chain tracking data, the hackers sold approximately 490 million UXLINK through six addresses in both decentralized and centralized scenarios, exchanging it for 6,732 ETH, worth about $28.1 million at the time. Additionally, the hackers sold a large amount of UXLINK on various CEXs.

The combination of abnormal supply and concentrated selling triggered a rapid decline in UXLINK's price within hours, dropping from about $0.30 to a range of $0.07 to $0.10, with a stage decline of 70% to 77%; its market capitalization fell from about $144 million to $37 million, with a 24-hour trading volume surging by 2622.70% to $309 million.

According to on-chain monitoring data, after the UXLINK project was attacked by hackers, a certain address spent $927,000 to buy UXLINK tokens at an average price of $0.03283. As the price plummeted, the loss rate approached 99.8% at one point.

After the incident, the UXLINK team issued a notice overnight, announcing cooperation with multiple exchanges to freeze the involved funds and suspend related trading, as well as collaborating with law enforcement and security companies for investigation. Meanwhile, the project team promised to announce details of token replacement soon and warned users not to trade on decentralized exchanges to prevent further losses.

The South Korean exchange Upbit announced on September 23 that it would list UXLINK as a warning asset and suspend deposits, with a review period until October 17, citing insufficient project disclosure and abnormal minting authority that could lead to user losses, while also proposing compensation arrangements for affected accounts.

Negative sentiment towards the UXLINK token gradually spread in the market. Ledger's Chief Technology Officer Charles Guillemet pointed out that the wallet remains under hacker control, indicating that the private keys have been completely leaked, possibly through software wallets or even plain text seed backups. They attempted to redeem these massive amounts of UXLINK, leading to a complete depletion of liquidity on Uniswap; while it is still unclear how much UXLINK was successfully redeemed, the attackers still hold a large amount of UXLINK, which may become worthless. He also stated that clearing signatures and transaction verification could resolve this issue.

Notable crypto researcher Jason Chen stated that the UXLINK project suffered an economic model collapse due to the hacker attack, with the hackers infinitely minting tokens causing the price to approach zero, a situation that is nearly irretrievable, and community trust is rapidly eroding.

It is worth mentioning that on the morning of the 23rd, monitoring showed that the involved address had suspicious interactions and fund outflows again, suggesting that the hackers may have fallen victim to "black eat black." According to a report from PeckShieldAlert, the hacker address related to this intrusion was subsequently phished, with a sample marked as Fake_Phishing1309277 transferring away 542 million UXLINK, worth about $48 million at the time.

Slow Mist founder Yu Xian tweeted that the UXLINK hackers may have encountered a phishing attack from Inferno Drainer, and the approximately 542 million UXLINK they previously stole may have been phished away by Inferno Drainer using ordinary authorization phishing techniques.

In fact, attacks on multi-signature wallets in the cryptocurrency field are not a first occurrence. Statistics show that in 2024, global hacker incidents of this kind caused losses exceeding $2 billion, including security vulnerabilities in multi-signature wallets of WazirX and Radiant Capital.

In previous cases, common compensation measures taken by project teams to rebuild trust and reduce legal risks included freezing funds, reserve refunds, token replacements, and security upgrades. UXLINK's current plan is for token replacement, with specific replacement details pending official announcement.

Click to learn about job openings at ChainCatcher