- A breach in the multisignature wallet gave rise to a minting role; the initial diversion was around $11,3 million.
- At least 2.000 billion UXLINK were minted on Arbitrum; several exchanges froze deposits.
- The attacker fell victim to phishing and lost $48M after previously converting $28,1M into ETH.
- UXLINK is preparing a token swap and a new contract with a fixed supply, under external audit.
UXLINK has lived a critical security incident after a breach in its multi-signature wallet that allowed minting permissions to be obtained for its token. The attacker took advantage of this access to create large amounts of UXLINK and move assets., causing liquidity tensions, listing disruptions, and an immediate reaction from exchanges.
The case took an unexpected turn shortly after: the person responsible himself ended up falling into a Phishing and lost $48 million, despite having previously managed to convert at least $28,1 million worth of ETH on-chain. The company, for its part, has reported a plan of swap token and the deployment of a new contract with fixed supply, along with an independent audit to strengthen security and restore confidence.
Chronology of the attack and vector used
According to the first analyses by cybersecurity firms, The intrusion originated in the multi-signature module and resulted in the assignment of a minting role that should not have been availableThe initial diversion of funds was estimated at around 11,3 million, including USDT, USDC, WBTC and ETH, with exchange routes and bridging between networks to make tracking difficult.
With control of the role, the malicious actor proceeded to create new tokens: Technical reports point to a first batch of 1.000 billion UXLINK and a second batch of another 1.000 billion. in ArbitrumThis activity put pressure on the market and disrupted the token's listing, generating alerts for traders to avoid interacting with suspicious contracts and pairs.
In parallel, the team contacted centralized and decentralized platforms to freeze suspicious deposits and issued warnings to the relevant authorities. Several CEX partners provided support, helping to stem some of the flows and limiting a greater immediate impact.
Effects on the token market
The oversupply resulting from unauthorized minting and associated sales caused a collapse of nearly 90% price, from the $0,33 range to lows around $0,033, with a subsequent partial recovery to $0,11. Volatility soared, and liquidity remained highly strained in several pairs.
The episode damaged price formation and book depth, highlighting how the supply manipulation can trigger cascades of orders and mismatches in listings. Dialogue with exchanges was key to mitigating the domino effect in secondary markets.
The unexpected twist: the attacker, victim of phishing
In a twist that is hard to believe, the aggressor ended up being the subject of a Phishing and lost about $48 million in assets, which underlines the importance of measures to block malicious pagesOn-chain sources indicate that the outflow occurred while the attacker was still managing positions and liquidity following the mass minting.
Even so, before that stumble he had managed launder at least $28,1 million in ETH, leaving a balance in which the final criminal profit is uncertain and, nevertheless, much lower than what it seemed after the first blow.
UXLINK's response and announced measures
To stabilize the ecosystem, the team has confirmed a token swap plan with the support of several centralized partners. The goal is to restore the project's economic balance and protect users from the effects of illicit minting.
In addition, a new smart contract with fixed supply, eliminating any vector that would allow for re-coining. This contract has been sent to an external audit, and the project is working on a detailed technical report that reconstructs the whole incident.
UXLINK recognizes that the functions of mint/burn had operational utility in inter-chain flows, but the model will be thoroughly revised in the new whitepaperThe priority now is to ensure the immutability of the supply and secure role permissions.
Facing the community, the team stresses that there is no indication that user wallets have been compromised, although it asks to be extremely cautious, use only official channels and distrust supposed advertisements or links from third parties that promise express recoveries.
Lessons and best practices for DeFi projects
The incident puts the spotlight back on the need for comprehensive audits and real-time on-chain monitoring to detect anomalous patterns. Publishing results and remediation plans helps build trust during crisis periods.
Multi-signature configurations and permission management must apply principle of least privilege, change controls, and emergency pause functions. Bug bounty programs and independent inspections reduce the attack surface on sensitive contracts.
Agile coordination with CEX and DEX to freeze assets and mapping flows, along with AML/KYC procedures where appropriate, improves responsiveness. Operational transparency and clear communication with users are, in these situations, as important as the technical patch itself.
The UXLINK incident illustrates how a combination of permit failures, market pressure and human errors of the attacker It can unleash a whirlwind in a matter of hours; containment measures, contract redesign, and a well-executed token swap will be crucial to regaining stability and credibility in the medium term.
I am a technology enthusiast who has turned his "geek" interests into a profession. I have spent more than 10 years of my life using cutting-edge technology and tinkering with all kinds of programs out of pure curiosity. Now I have specialized in computer technology and video games. This is because for more than 5 years I have been writing for various websites on technology and video games, creating articles that seek to give you the information you need in a language that is understandable to everyone.
If you have any questions, my knowledge ranges from everything related to the Windows operating system as well as Android for mobile phones. And my commitment is to you, I am always willing to spend a few minutes and help you resolve any questions you may have in this internet world.