On September 23, the decentralized social project UXLINK was suddenly hit by a hacker attack. The attacker tampered with multi-signature permissions and stole over $11 million in assets. Subsequently, the attacker gained minting rights and inflated the on-chain supply by 1 billion UXLINK tokens. Following the news, UXLINK plummeted nearly 65% overnight, with a price of $0.1 per token at the time of writing.

After the attack, the UXLINK team swiftly responded, stating that most of the stolen funds had been frozen. They are currently collaborating with a security firm to track the funds and will initiate a token swap. Below is a timeline of key events and subsequent observations. BlockBeats will continue to monitor and provide real-time updates:

September 23

11:48 | UXLINK Hacker Possibly Victim of Inferno Drainer Phishing Attack

FundFog CEO Wu Xing tweeted that the UXLINK hacker may have fallen victim to an Inferno Drainer phishing attack. "The approximately 542 million UXLINK tokens stolen earlier may have been phished by Inferno Drainer using a common authorization phishing technique."

11:13 | Response Plan: Token Swap Initiated

The UXLINK team identified ongoing malicious activity involving unauthorized minting of UXLINK tokens. UXLINK is urgently contacting exchanges to halt token deposits and transactions and initiate a token swap. More details and explanations regarding the token swap will be announced soon. The team emphasized that individual user wallets were not affected by this incident. UXLINK has promised to compensate affected users with tokens and has begun to enhance security measures, including upgrading the multi-signature wallet mechanism and introducing hardware wallets for asset storage.

11:04 | PeckShield Security Advisory: Avoid Interaction

According to PeckShield monitoring, since today's UXLINK hacker has obtained minting rights and just minted 1 billion UXLINK tokens on Arbitrum, the tokens have now been compromised. Users are reminded not to interact with UXLINK tokens.

11:01 | Exchange Risk Control: Upbit Cautions & Deposit Suspension

As per the official announcement, Upbit has categorized UXLINK as a tradable cautionary token. Deposit services for UXLINK have been suspended, and the resumption of deposit services will be announced separately according to the procedure after being designated as a trading cautionary item.

The announcement stated that Upbit found various vulnerabilities in UXLINK, posing a potential risk to users. The specific reasons include: based on best practices for supporting virtual asset transactions, there are security incidents such as hacking, and the issuer or operator has failed to promptly disclose important information regarding virtual assets through appropriate electronic media. Therefore, Upbit has designated UXLINK as a trading cautionary asset to protect investors.

Transaction Alert Period: September 23, 2025, Tuesday 12:00 (KST) - October 17, 2025, Friday 11:59 (KST)

09:53｜Hacker Minting Exposed: 1 Billion UXLINK

According to market reports, a hacker performed on-chain minting of 1 billion UXLINK.

09:44｜UXLINK: Freezing Progress & Compensation Plan

The official statement indicates that over the past few hours, they have been closely collaborating with major exchange platforms, most of the stolen assets have been frozen, and cooperation with the exchange platforms is ongoing.

UXLINK's primary goal is to safeguard community assets and achieve asset recovery to the fullest extent possible. They have also engaged Parity to support the ongoing investigation and strengthen the recovery efforts. Currently, there are no indications that individual user wallets have been compromised. The next steps involve devising a clear plan to restore and compensate affected accounts. Protecting the community's interests remains UXLINK's top priority, and they will continue to share verified latest updates.

09:08｜Official Confirmation of Attack, Attempting to Freeze Suspicious Deposits and Filing a Report

A post from UXLINK's official account stated that they have identified a security vulnerability involving their multi-signature wallet, leading to a large amount of cryptocurrency being illicitly transferred to CEX and DEX. The team is collaborating with security experts to determine the cause and control the situation. They have contacted exchange platforms to freeze suspicious UXLINK deposits and have reported the incident to law enforcement and relevant authorities to facilitate legal action and asset recovery.

00:49｜Initial Report: Suspected Attack, Loss Exceeding $11 Million

Cyvers detected approximately $11.3 million in suspicious transactions related to UXLINK: the attacker address removed admin permissions through delegateCall, invoked addOwnerWithThreshold, transferred out $4 million USDT, $500,000 USDC, 3.7 WBTC, and 25 ETH. The Ethereum side saw USDT/USDC exchanges into DAI, USDT being converted to ETH on Arbitrum and bridged back to Ethereum. Subsequently, the related address received 10 million UXLINK tokens (around $3 million) and initiated exchanges.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia