UXLINK admitted its wallet was compromised when attackers stripped admin rights and rerouted tokens across Ethereum and Arbitrum. The Web3 social platform is now working simultaneously with central exchanges to freeze the stolen funds and with law enforcement to initiate formal investigations.
Summary
- UXLINK confirmed an $11.3m hack after attackers seized admin rights and rerouted funds across Ethereum and Arbitrum.
- The Web3 social platform is working with exchanges and law enforcement to freeze assets and recover stolen funds.
- The breach comes just months after UXLINK marked its third anniversary, celebrating 55m+ users and global growth.
On Sept. 22, blockchain security firm Cyvers flagged a series of highly suspicious transactions originating from a UXLINK protocol address. Their analysis revealed a sophisticated attack vector, with an Ethereum address executing a “delegateCall” to effectively seize control by removing the admin role and adding a new owner with threshold permissions.
Cyvers said the attack enabled the hacker to drain approximately $11.3 million in assets, including $4.5 million in stablecoins, WBTC, and ETH, before swiftly bridging and swapping portions of the haul across networks in an apparent attempt to launder the funds. Within minutes, another address received $3 million worth of UXLINK tokens, some of which remain unswapped.
UXLINK responds as breach overshadows recent milestones
UXLINK acknowledged the exploit less than an hour after Cyvers’ alert, issuing what it called an “urgent security notice” to its users. While the official communication did not specify the exact figure, it confirmed that a “significant amount of cryptocurrency” had been illicitly transferred to both centralized and decentralized exchanges.
“We have already reached out to major CEXs and DEXs to urgently freeze suspicious UXLINK deposits and are coordinating closely with them to prevent further movement of funds. The incident has been reported to the police and relevant authorities to accelerate legal action and recovery efforts,” the team wrote on X.
UXLINK’s move to involve law enforcement underscores the severity of the incident and the project’s intent to pursue all available avenues for restitution. Notably, the timing of the hack carries added weight for the Web3 social platform.
Just three months ago, the Tokyo-headquartered project celebrated its third anniversary in July, an event that highlighted a period of remarkable growth. UXLINK reported its registered user base surging to over 55 million, with a presence in more than 100 countries, and emphasized its commitment to regulatory compliance and product innovation.
The hack now poses a direct challenge to that very narrative of maturation and stability. The breach of a core administrative wallet stands in stark contrast to the image of a robust, compliance-first infrastructure provider that UXLINK has carefully cultivated.
The platform has yet to issue another update as of press time.
Source link
