UXLINK Attacker Gets Taste of Own Medicine: $48M Phishing Loss Follows Multi-Sig Exploit

Karma hits crypto exploiter with brutal irony.

SECURITY BREACH BACKFIRES

The same attacker who drained UXLINK's multi-signature wallet now finds themselves on the receiving end of a sophisticated phishing scheme. The digital heist artist lost their entire $48 million haul in a stunning reversal of fortune.

POETIC JUSTICE IN DEFI

Security researchers confirm the attacker's compromised wallet shows zero balance after falling for what appears to be an advanced social engineering attack. The funds vanished through a series of rapid transactions to untraceable addresses.

MULTI-SIG VULNERABILITY EXPOSED

UXLINK's original security breach highlighted ongoing challenges in decentralized governance models. The protocol's multi-signature implementation contained critical flaws that the initial attacker exploited—only to become victim to even sharper crypto predators.

Ironically, the hacker's technical sophistication failed against basic human manipulation—proving once again that in crypto, the biggest risk factor often sits between the chair and the keyboard. Wall Street bankers would call this 'market efficiency' while quietly transferring their own funds to FDIC-insured accounts.

UXLINK breach involved six wallets

Security monitoring firm Cyvers Alerts flagged unusual activity early Monday on an Ethereum address linked to UXLINK. The account executed a delegateCall, removed the existing administrator role, and added a new multisig owner. After making the change, the hacker moved at least $4 million in USDT, $500,000 in USDC, 3.7 Wrapped Bitcoin (WBTC), and 25 ETH.

Onchain evidence also showed that the attacker sold UXLINK tokens on decentralized exchanges using six separate wallets. These trades netted at least 6,732 ETH, valued at roughly $28.1 million.

Hours after pulling off the UXLINK exploit, the attacker themselves fell victim to a phishing scheme. Arbiscan onchain records show the loss occurred on Tuesday at around 02:15 UTC under the transaction hash 0xa70674ccc9caa17d6efaf3f6fcbd5dec40011744c18a1057f391a822f11986ee.

Two large transfers of UXLINK tokens were directed from the exploiter’s wallet into new addresses. One transaction sent 108,395,883 UXLINK tokens, worth $9.23 million, to the address 0xA7Ad03f8…c254dd15a. 

A second and larger transaction moved 433,583,532 UXLINK tokens, valued at $36.93 million, to address 0xeBBA8F57…4aD479dbD. Both transfers originated from the exploiter’s address 0xAfb2423F447D3e16931164C9907B9741aAb1723E, dubbed Fake Phishing 1309277 account by HashDit.

Web 3 platform identified and stopped minting of  fake tokens

As if the situation were not complicated enough, UXLINK also revealed that the attacker continued minting tokens after the initial exploit. Data shared by blockchain investigators showed that around 10 trillion UXLINK tokens were created late Monday without authorization.

The additional supply triggered a severe price collapse, with UXLINK plunging more than 70% to $0.08912, according to CoinGecko. 

In a statement on X published Tuesday, the social project said: “We have identified an unauthorized minting of UXLINK tokens today by a malicious actor. We strongly advise all community members not to trade UXLINK on DEXs at this time, in order to avoid potential losses caused by these unauthorized tokens.”

The team added that it was in contact with centralized exchanges to temporarily halt trading, and confirmed plans for a forthcoming token swap to mitigate user losses were in place.

Latvian streamer targeted in separate crypto hack

In a separate incident, Latvian crypto content creator Raivo “Rastaland” Plavnieks lost more than $31,000 after downloading malware disguised as a game on Steam. The 26-year-old streamer, who has been battling stage-four sarcoma, had been raising funds through a Solana-based meme token called Help Me Beat Cancer (CANCER) on Pump.fun.

During a livestream, a viewer suggested he try a title called Block Blasters, which is listed on Valve’s Steam platform. After launching the game, his crypto wallet was drained, with losses amounting to between $31,189 and $32,000, or around AU$48,515.

Blockchain sleuth ZachXBT and other online researchers traced the attackers’ activity and forwarded evidence to law enforcement. Valve, which operates Steam, has been bashed for keeping the game on its platform available even though cybersecurity company G Data CyberDefense warned about the game weeks earlier.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.