UXLINK, the promising decentralized social infrastructure project, confirmed a significant security breach involving its multi-signature wallet on September 22, 2025. This breach led to hackers exploiting critical vulnerabilities, draining over $11 million worth of assets, triggering a shocking 77% crash in its native token’s value, and sparking a rollercoaster of events that grabbed headlines worldwide.

Image Source: UXLINK

How It Happened

UXLINK’s multi-signature wallet, considered a safeguard against single points of failure by requiring multiple signatures to authorize transactions, was compromised due to a technical flaw in its delegateCall implementation. This vulnerability let attackers bypass access controls, gain administrator-level rights, and execute unauthorized minting and transfers of tokens far beyond the project’s intended limits. Security experts noted that the exploit employed a delegateCall function manipulation that effectively reconfigured wallet permissions, allowing hackers to mint between 1 to 2 billion extra tokens illicitly and transfer approximately $11.3 million of assets including $4.5 million in stablecoins, Ether (ETH), Wrapped Bitcoin (WBTC), and others.

Token Crash

Following the breach disclosure, UXLINK’s native token price plummeted dramatically from around $0.30 to near $0.09 within hours, a devastating 77% nosedive that erased nearly $70 million from its market capitalization. Trading volume spiked by 1,388% amid panic selling as investors scrambled to exit positions fearing further fallout. The attacker moved swiftly to liquidate stolen tokens, transferring large amounts to centralized and decentralized exchanges (CEXs and DEXs). Notably, nearly 490 million stolen tokens were dumped onto exchanges, while another 542 million tokens moved to phishing-linked addresses.

Hacker Becomes Victim

The hacker behind the UXLINK breach fell prey to a sophisticated phishing scam shortly after the exploit. Blockchain analytics revealed that around 542 million UXLINK tokens worth $48 million were siphoned from the hacker’s wallet by a notorious phishing group called Inferno Drainer. The hacker unknowingly approved a malicious contract, handing controls over to scammers who then drained these stolen tokens in minutes. This dramatic reversal has stunned crypto observers worldwide, highlighting that no one is safe from rampant phishing threats that continue to plague the ecosystem. 

UXLINK’s Response

Reacting promptly, UXLINK’s team paused trading of its token on major exchanges to stem the bleeding and worked closely with law enforcement, blockchain security firms, and exchange operators to freeze suspicious deposits and contain further losses. The project announced plans for an emergency token swap designed to restore supply integrity and undo the impact of unauthorized minting. The CEO, Rolland, communicated openly with the community, acknowledging the severity of the breach and promising a transparent recovery plan along with compensation mechanisms for affected holders. The team remains committed to improving governance and double-layer security audits to bolster defenses against evolving threats.

Broader Impact

The UXLINK breach has reignited intense discussions on the reliability and security of multi-signature wallets. While multi-sig wallets are designed to protect against single points of failure, this incident revealed that complex contract logic and delegateCall vulnerabilities can still expose serious risks, shaking investor confidence. Furthermore, the event has spurred calls for more rigorous and continuous smart contract audits, enhanced real-time monitoring, and community vigilance against phishing scams. The drama surrounding the hacker’s fall to phishing scams emphasizes that in the fast-evolving crypto space, attackers themselves face new and unforeseen risks.

Final Thoughts

UXLINK’s multi-signature wallet breach serves as a cautionary tale for emerging blockchain projects and investors alike. While it exposes how vulnerabilities in smart contract architecture can have devastating consequences, it also underscores the resilience of the blockchain community’s coordinated response efforts. With ongoing investigations, token swap plans, and upgraded security protocols underway, many hope UXLINK will emerge stronger and more secure.