Amidst increasing security threats within the cryptocurrency market, UXLINK, a prominent web3 social platform and infrastructure, has fallen victim to a massive phishing scam. In a brazen move, the hacker not only stole approximately $30 million in assets but also executed unauthorized minting, further exacerbating the security breach.
In response to this situation, the platform has been working diligently to address the issue and ensure the integrity of the ecosystem. Through collaboration with major exchanges and security firms, UXLINK is working to restore trust and rebuild a secure environment for users.
UXLINK Takes Action Against Unauthorized Minting
The UXLINK team has been actively addressing the issue of unauthorized token minting, which has compromised the project’s whitepaper and community consensus. To rectify this issue and assure investor protection, the team has engaged with major centralized exchange (CEX) partners regarding a planned token, with the platforms expressing their full support for the initiative.
In a recent X post, the UXLINK team provided the latest update on the phishing scam, announcing the firm’s proactive measures to counter it. Highlighting their strategic move in collaboration with CEXs, the firm noted, “We have engaged with major CEX partners regarding the planned token swap, and they have expressed their full support.”
Another major step taken by the firm to prevent future unauthorized minting is the development of a new smart contract, which has been submitted for a security audit. This contract will establish a fixed token supply, ensuring that no additional tokens can be created. By removing the mint-and-burn function, typically used for cross-chain solutions, UXLINK prioritizes community benefit and security.
In addition to these security measures, the platform is cooperating with the Digital Asset eXchange Association (DAXA) in Korea to prepare a comprehensive incident report. The team remains committed to transparency and timely updates, urging community members to exercise caution by avoiding unauthorized token trades on DEXs and taking extra precautions to secure their wallets. The team wrote, “We remain committed to keeping our community and partners updated in a transparent and timely manner as this situation progresses.”
What Happened to UXLINK?
Earlier today, UXLINK disclosed a phishing scam that involved a security breach in its multi-signature wallet by taking advantage of a flaw in the “delegateCall” function. This hack resulted in the illicit transfer of a substantial amount of tokens to both centralized and decentralized exchanges. The platform wrote, “We have identified a security breach involving our multi-signature wallet, resulting in a significant amount of cryptocurrency being illicitly transferred to both CEXs and DEXs.”
Reportedly, the attacker stole about $30 million in assets, including stablecoins and prominent cryptocurrencies like ETH and WBTC. In addition, immediately after the hack, the scammer moved about 542 million tokens, worth about $43 million, to phishing addresses.
After confirming the breach, the team reported that the attacker had begun minting unauthorized tokens. As per PeckShield’s findings, the hacker initially created 1 billion UXLINK tokens and then minted another 1 billion. Attackers ultimately minted more than 10 trillion tokens.
Hacker Loses $48M+ To Phishing Scam
In an interesting turnaround, the hackers responsible for the UXLINK phishing scam fell victim to a hack just hours after their Web3 security breach. The blockchain analytics firm Lookonchain revealed that the hackers lost about 542 million UXLINK tokens in the phishing incident.
While swapping their stolen funds, the UXLINK hacker moved their funds to another phishing address, incurring a loss of $48 million. On-chain records reveal that two major transactions were executed from the hacker’s address
- 108,395,883 UXLink tokens, valued at around $9.7 million.
- 433,583,532 UXLink tokens, valued at over $39 million.
