UXLINK suffers $11.3M hack after multi-sig wallet exploit. Learn how the attack happened and what it means for user fund safety.
A serious security breach has hit UXLINK, exposing a major vulnerability in its multi-signature wallet system. The hack resulted in the unauthorized transfer of $11.3 million worth of crypto assets, raising urgent concerns for users and investors.
UXLINK Loses $11M in Coordinated Attack
According to Cyvers Alerts, the attacker replaced the admin role of the wallet with a delegateCall. Then, they added a new multisig owner using the addOwnerWithThreshold function. In possession of the wallet, the hacker moved $4 million USDT, $500,000 USDC, 3.7 WBTC, and 25 ETH to other wallets.
The attacker moved fast. Stolen USDC and USDT were exchanged for DAI in the Ethereum network. On Arbitrum, the hacker swapped USDT to ETH and bridged it back to Ethereum. A few minutes later, another wallet received 10 million UXLINK tokens (value of $3 million), started to sell and, till now, holds approximately $2.2 million.
In return, UXLINK acknowledged the incident on the official X (Twitter) account. The team disclosed a multi-signature wallet heist, with capitalists transferred to centralized and decentralized exchanges.
They are currently engaged with internal and external security experts to investigate the root cause. UXLINK has also reached out to major exchanges to freeze suspicious deposits to avoid additional losses.
UXLINK reported the incident to the police and regulators. Moreover, the team promises full transparency and will continue updating the community.
So, are your funds safe? For the time being, UXLINK users should remain vigilant, refrain from clicking on suspicious links, and keep an eye on official updates. While the attack was against the platform’s wallet, it shows how even sophisticated security systems like multi-sig can be manipulated if not managed properly.
