Hacker Backfires: UXLINK Attacker Falls Victim to Phishing, 542 Million Tokens "Lost and Regained"

Scam Sniffer, a blockchain security company, detected that shortly after the exploit succeeded, the UXLINK exploiter's address signed a malicious increaseAllowance authorization to a phishing contract, and approximately 542 million UXLINK were transferred to the phishing address as a result. This happened after the UXLINK project team confirmed that its multi-signature wallet had suffered a security breach with a loss of approximately 11.3 million USD, adding a layer of dramatic flair to the entire event.

01 Event Review: From Project Theft to Hacker Phishing

This series of security incidents began with the UXLINK project itself being attacked. In the early morning of September 23, 2025, the system of the security company Cyvers detected a suspicious transaction of 11.3 million dollars involving UXLINK.

According to the analysis, the attacker executed a delegateCall through an Ethereum address, removed the admin permissions, and called the “addOwnerWithThreshold” function, subsequently transferring out 4 million USDT, 500,000 USDC, 3.7 WBTC, and 25 ETH. Yuxian, the founder of SlowMist Technology, pointed out on the X platform that this was likely due to a leak of several private keys related to UXLINK's Safe multi-signature wallet.

After stealing the funds, the hacker also minted 1 billion UXLINK tokens on-chain, an amount equivalent to the total original supply of the token, intending to completely dilute the rights of existing holders.

However, the event took a dramatic turn within a short time. According to monitoring by Scam Sniffer, the attacker address that stole the UXLINK assets was itself targeted by a phishing attack: it signed a malicious increaseAllowance authorization to a phishing contract, and approximately 542 million UXLINK tokens were transferred to the phishing address.

02 Project Response: Emergency Freezing and Remedial Measures

Faced with a serious security incident, the UXLINK project team quickly took a series of response measures. After discovering the vulnerability, the team immediately began round-the-clock collaboration with internal and external security experts to identify the root cause and control the situation.

UXLINK urgently contacted major centralized and decentralized exchanges, asking them to freeze suspicious UXLINK deposits and to cooperate closely to prevent further fund transfers. Meanwhile, the project team has reported the incident to the police and relevant departments to expedite legal action and recover funds.

Regarding the attacker's token minting, UXLINK has confirmed that it detected malicious actors continuously engaging in unauthorized UXLINK token minting, and announced that it will immediately launch a token replacement plan to ensure the integrity of the token economy.

As a precautionary measure, several exchanges have taken action. The South Korean exchanges Upbit and Bithumb have designated UXLINK as a “trading alert” project, and Upbit has also suspended the deposit and withdrawal services for UXLINK. Poloniex has directly suspended spot trading for UXLINK/USDT.

03 Security Reflection: Vulnerabilities of Multi-signature Wallets and the Prevalence of Phishing Attacks

This incident showed that even multi-signature wallets, which are widely considered a relatively safe way to manage assets, are not absolutely reliable. SlowMist's analysis pointed out that the core reason for the theft of UXLINK was “leakage of multi-signature private keys,” indicating that even a mechanism that requires multiple keys to jointly authorize transactions still carries security risks if private key management is not handled properly.

On the other hand, the spectacle of hackers falling victim to phishing also reveals how widespread the phishing threat is in the cryptocurrency field. This type of attack does not differentiate between targets; whether it is an ordinary user or a highly skilled hacker, anyone can fall prey through a moment of negligence. Phishing attacks typically exploit user psychology rather than technical vulnerabilities, using fake websites or information to lure victims into signing malicious authorizations or disclosing credentials.
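The kind of authorization involved here can be inspected before it is signed. As an added example (not from the original article or from any project it names), the following Python code decodes ERC-20 `approve` / `increaseAllowance` calldata and flags an untrusted spender or an allowance that covers the whole balance. The spender address, the 18-decimal assumption, the trusted-spender list and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Standard 4-byte selectors of the two ERC-20 calls that raise an allowance.
SELECTORS = {"095ea7b3": "approve", "39509351": "increaseAllowance"}
UINT256_MAX = 2**256 - 1

@dataclass
class Finding:
    function: str
    spender: str
    amount: int          # for increaseAllowance this is the amount ADDED
    reasons: list = field(default_factory=list)

def review_allowance_call(calldata_hex, balance, trusted_spenders):
    """Decode allowance-raising calldata; None if it is another function."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    func = SELECTORS.get(data[:8])
    if func is None:
        return None
    args = data[8:]
    if len(args) != 128:                      # two 32-byte ABI words
        raise ValueError("expected exactly two 32-byte arguments")
    if int(args[:24], 16) != 0:               # address is left-padded with zeros
        raise ValueError("spender word is not a zero-padded address")
    finding = Finding(func, "0x" + args[24:64], int(args[64:], 16))
    if finding.spender not in {s.lower() for s in trusted_spenders}:
        finding.reasons.append("spender not in trusted list")
    if finding.amount == UINT256_MAX:
        finding.reasons.append("unlimited allowance")
    elif finding.amount >= balance:
        finding.reasons.append("allowance covers entire balance")
    return finding

def build_call(selector, spender, amount):
    """Constructed sample calldata (spender is 40 hex chars, no 0x)."""
    return "0x" + selector + spender.rjust(64, "0") + format(amount, "064x")

# Constructed values: placeholder spender, 18 decimals assumed for the token.
SPENDER = "ab" * 20
AMOUNT = 542_000_000 * 10**18
SAMPLE = build_call("39509351", SPENDER, AMOUNT)

if __name__ == "__main__":
    print(review_allowance_call(SAMPLE, balance=AMOUNT, trusted_spenders=[]))
```

A signing workflow would refuse or escalate any call whose `reasons` list is non-empty instead of presenting it as a routine confirmation.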

04 Market Impact: Price Plunge and Crisis of Trust

The security incident had a direct and severe impact on the market performance of UXLINK. After the hack, the price of the UXLINK token plummeted, reaching $0.08529 at one point, with a 24-hour decline of up to 71.9%.

The more profound impact lies in the shaking of user confidence. Even with endorsements from well-known investment institutions such as OKX Ventures, SevenX, and HashKey Capital, users have begun to raise various doubts about UXLINK. The official social media accounts of UXLINK are filled with inquiries regarding compensation plans, asset recovery, and other aspects, demonstrating the destructive power of a security incident on the project's reputation.

This incident has also raised concerns about the security of Web3 social platforms as a whole. UXLINK, which claims to be the “world's largest Web3 social platform,” may face stricter scrutiny due to its security vulnerabilities, which could put the entire industry at risk.

05 Industry Background: The Security Situation of Cryptocurrency is Severe

The UXLINK incident is not an isolated case, but part of the ongoing security challenges in the cryptocurrency sector. In the same week, the blockchain security field reported multiple security incidents, with total losses exceeding $57.5 million.

For example, SwissBorg and Kiln were affected by a vulnerability that resulted in a loss of $41.5 million, highlighting the risks of trusting third-party vault or staking providers. Meanwhile, the Shibarium bridge was hacked, leading to a loss of about $3 million.

These events collectively depict the multidimensional security challenges faced by the cryptocurrency ecosystem: from protocol layer vulnerabilities to phishing, from bridging risks to supply chain attacks. In this context, both project teams and users need to maintain the highest vigilance regarding security.

Conclusion

The hacker attack on UXLINK and the subsequent “black eats black” incident mirror the complex security challenges of the cryptocurrency world. Even skilled hackers cannot remain unscathed in the trap-filled crypto forest.

This incident has sounded an alarm for all market participants: security should be an eternal theme in the cryptocurrency field. Whether it is a project team managing assets or ordinary users safeguarding private keys, multi-layered security awareness and technical protection need to be established. For UXLINK, the ability to rebuild trust through transparent communication, effective fund recovery, and reasonable user compensation will determine its future.

In a world where digital assets are becoming increasingly important, this incident will undoubtedly serve as an important case study in cryptocurrency security research, reminding us that technological innovation and risk prevention must go hand in hand.
