On the evening of September 22, the Web3 social platform UXLINK suffered a severe security breach. Hackers exploited the delegateCall function to remove the original administrators from the project’s multi-signature treasury and replace them with self-controlled addresses. They then gained minting and administrative privileges, transferring USDT, USDC, WBTC, ETH, and a portion of UXLINK tokens from project-controlled wallets and authorized addresses. The total financial loss amounted to approximately $11.3 million.
Subsequently, the hackers illegally minted over 1 billion additional UXLINK tokens on Arbitrum and began dispersing them for sale. According to on-chain tracking data, the hackers sold approximately 490 million UXLINK tokens through six addresses across both decentralized and centralized platforms, exchanging them for 6,732 ETH worth approximately $28.1 million at the time. Additionally, the hackers sold substantial quantities of UXLINK across various centralized exchanges (CEXs).
The combination of abnormal supply and concentrated selling triggered a rapid price collapse for UXLINK within hours, plummeting from approximately $0.30 to the $0.07-$0.10 range—representing a phase decline of 70% to 77%. Its market capitalization plummeted from approximately $144 million to $37 million, while its 24-hour trading volume surged by 2,622.70% to $309 million.
According to on-chain monitoring data, following the UXLINK project’s hack, a specific address spent $927,000 purchasing UXLINK tokens at an average price of $0.03283 in the early hours. As the price plummeted, the loss rate approached 99.8% at one point.
Following the incident, the UXLINK team issued an urgent announcement overnight, declaring collaboration with multiple exchanges to freeze involved funds and suspend related trading. They also confirmed cooperation with police and security firms for investigation. Simultaneously, the project promised imminent details on token replacement and warned users against trading on decentralized exchanges to prevent further losses.
South Korean exchange Upbit announced at noon on September 23 that it had designated UXLINK as a warning asset and suspended deposits, with the review period extending until October 17. The exchange cited insufficient project disclosure and abnormal minting permissions as potential causes of user losses, while also outlining compensation arrangements for affected accounts.
Negative market sentiment toward UXLINK tokens is spreading. Charles Guillemet, CTO of Ledger, noted that the wallet remaining under hacker control indicates private keys were fully compromised—likely through software wallets or even plaintext seed backups. Attempts to redeem these massive UXLINK holdings have completely drained liquidity on Uniswap. While the exact amount successfully redeemed remains unclear, attackers still hold substantial UXLINK, which may become worthless. Guillemet added that clearing signatures and transaction validations could resolve this issue.
Renowned crypto researcher Jason Chen stated that the UXLINK project’s economic model collapsed due to the hack, with attackers infinitely minting tokens to drive the price near zero. This situation is nearly irreversible, and community trust is rapidly eroding.
Notably, on the morning of the 23rd, monitoring revealed suspicious interactions and fund outflows from the involved addresses, suggesting the hacker may have been targeted by a “hack-to-hack” scheme. According to a PeckShieldAlert report, the hacker address linked to this breach was subsequently phished. A sample labeled Fake_Phishing1309277 transferred 542 million UXLINK tokens, valued at approximately $48 million at the time.
Yu Xian, founder of SlowMist, tweeted that the UXLINK hackers may have fallen victim to an Inferno Drainer phishing attack, with the approximately 542 million UXLINK tokens they previously stole likely retrieved by Inferno Drainer using standard authorization phishing techniques.
In fact, multi-signature wallet attacks are not unprecedented in the cryptocurrency space. Statistics indicate that such hacking incidents globally caused over $2 billion in losses in 2024, including security breaches in multi-signature wallets at WazirX and Radiant Capital.
In previous cases, to rebuild trust and mitigate legal risks, common compensation measures by project teams have included asset freezes, reserve refunds, token swaps, and security upgrades. UXLINK’s current plan involves a token swap, with specific details pending official announcement.
