TLDR
- UXLink's multisig wallet was breached, leading to $30M in stolen assets and 10T unauthorized tokens minted.
- PeckShield and Hacken confirmed the attacker dumped 9.95T tokens for just 16 ETH.
- UXLINK price crashed over 90% before partially recovering.
- In an ironic twist, the hacker was phished mid-exploit and lost 500B tokens.
- UXLink is freezing funds, auditing its contracts, and planning a token swap.
The Web3 world witnessed one of the more dramatic hacks of the year - and a bizarre twist - after attackers breached UXLink, an AI-powered Web3 social platform, stole millions, and then got phished themselves before cashing out.
UXLink confirmed on Tuesday that its multisignature wallet had been compromised, allowing attackers to drain assets and mint unauthorized tokens.
According to blockchain security firm PeckShield , the attacker initially minted 1 billion UXLINK tokens - then quickly minted another billion. Hacken's onchain analysts later confirmed the total minted supply ballooned to nearly 10 trillion tokens.
Despite the staggering number, Hacken estimates that only 9.95 trillion tokens were swapped, netting the hacker around 16 ETH (~$67,000). The total losses from the incident are estimated at more than $30 million, factoring in stolen liquidity and assets moved to centralized exchanges (CEXs).
Immediate Fallout: Token Price Tanks
The unauthorized minting caused a rapid collapse in UXLINK's price, with the token falling over 90% from $0.33 to $0.033. UXLink moved quickly to request that exchanges freeze trading and deposits of UXLINK while the exploit was contained.
The project also announced a token swap plan to protect users from further damage:
By the time of writing, UXLINK had staged a partial recovery, trading at around $0.11.
The Twist: Hacker Gets Phished
In a rare case of poetic justice, blockchain analytics firm Lookonchain flagged that the hacker themselves became a victim - losing over 500 billion UXLINK tokens to a phishing attack while still in the middle of exploiting UXLink.
This detail quickly became a talking point across crypto social media, with many observers calling it "karma" in real-time.
UXLink's Next Steps
UXLink has taken several actions to restore confidence:
- Worked with exchanges to freeze suspicious deposits
- Reported the incident to law enforcement
- Submitted a new smart contract for audit, promising a fixed supply of tokens to prevent future unauthorized minting (link)
- Preparing a detailed postmortem report in collaboration with security partners
The company also reassured users that no individual wallets were affected and urged them to stay vigilant and follow only official channels for updates.
Final Thought
The UXLink hack underscores the evolving nature of Web3 exploits - where attackers don't just drain funds but also manipulate supply in ways that ripple across entire ecosystems.
Ironically, the attacker's own loss to phishing during the hack has become one of the most talked-about twists in crypto this week. But for UXLink and its users, the road to recovery will depend on whether the token swap and new contract restore trust in the project.
READ MORE: Beyond the Hype: What’s Really Fueling Crypto and DeFi Right Now