{"id":89172,"date":"2025-09-23T10:35:25","date_gmt":"2025-09-23T07:35:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=89172"},"modified":"2025-09-23T10:40:47","modified_gmt":"2025-09-23T07:40:47","slug":"hacker-of-uxlink-falls-victim-to-a-cyber-attack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-of-uxlink-falls-victim-to-a-cyber-attack\/","title":{"rendered":"Hacker of UXLINK Falls Victim to a Cyber Attack"},"content":{"rendered":"<p><a href=\"https:\/\/forklog.com\/en\/news\/singlesig-or-multisig-what-should-bitcoin-holders-choose\">The multisig wallet<\/a> of the UXLINK project was hacked. According to Cyvers, the initial damage amounted to $11.3 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8ALERT\ud83d\udea8Our system has detected $11.3M in suspicious transactions involving <a href=\"https:\/\/twitter.com\/UXLINKofficial?ref_src=twsrc%5Etfw\">@UXLINKofficial<\/a><\/p>\n<p>An ETH address executed a delegateCall, removed the admin role, and called &#8220;addOwnerWithThreshold&#8221; before transferring $4M <a href=\"https:\/\/twitter.com\/search?q=%24USDT&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDT<\/a>, $500K <a href=\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDC<\/a>, 3.7 <a href=\"https:\/\/twitter.com\/search?q=%24WBTC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$WBTC<\/a>, and 25 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a>. <br \/>All USDC\/USDT were\u2026 <a href=\"https:\/\/t.co\/fkHwygOHkD\">pic.twitter.com\/fkHwygOHkD<\/a><\/p>\n<p>\u2014 \ud83d\udea8 Cyvers Alerts \ud83d\udea8 (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1970167036002132425?ref_src=twsrc%5Etfw\">September 22, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The perpetrator gained control over the wallet by altering access rights. Subsequently, they withdrew assets worth $11.3 million: $4 million in USDT, $500,000 in USDC, 3.7 <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-wrapped-token\">WBTC<\/a>, and 25 ETH.<\/p>\n<p>Part of the stolen <a href=\"https:\/\/forklog.com\/en\/news\/what-are-stablecoins\">stablecoins<\/a> on the Ethereum network was exchanged for DAI by the hacker. In <a href=\"https:\/\/forklog.com\/en\/news\/what-is-arbitrum\">Arbitrum<\/a>, they converted USDT to ETH and transferred them to the main blockchain. Another address received 10 million UXLINK, valued at about $3 million, from the hacker.<\/p>\n<p>The platform team confirmed the incident. Representatives stated they are working with security experts to determine the cause of the breach.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Urgent Security Notice<\/p>\n<p>We have identified a security breach involving our multi-signature wallet, resulting in a significant amount of cryptocurrency being illicitly transferred to both CEXs and DEXs.<\/p>\n<p>Our team is working around the clock with both internal and external security\u2026<\/p>\n<p>\u2014 UXLINK (@UXLINKofficial) <a href=\"https:\/\/twitter.com\/UXLINKofficial\/status\/1970181382107476362?ref_src=twsrc%5Etfw\">September 22, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>UXLINK has reached out to CEXs and <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-decentralised-exchange-dex\">decentralized exchanges<\/a> to freeze suspicious deposits and reported the incident to the police.<\/p>\n<h2 class=\"wp-block-heading\">A Taste of His Own Medicine<\/h2>\n<p>Later, analysts at Lookonchain discovered that the hacker himself fell victim to a phishing attack, losing 542 million UXLINK worth $48 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">UXLINK was hacked!<\/p>\n<p>The hacker received 490M <a href=\"https:\/\/twitter.com\/search?q=%24UXLINK&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$UXLINK<\/a> and also minted 2B <a href=\"https:\/\/twitter.com\/search?q=%24UXLINK&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$UXLINK<\/a>.<\/p>\n<p>The hacker has sold a massive <a href=\"https:\/\/twitter.com\/search?q=%24UXLINK&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$UXLINK<\/a> on DEXes through six wallets, obtaining 6,732 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> ($28.1M).<\/p>\n<p>He also sold a large amount of <a href=\"https:\/\/twitter.com\/search?q=%24UXLINK&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$UXLINK<\/a> on CEXes.<\/p>\n<p>Address:\u2026 <a href=\"https:\/\/t.co\/i2XFO7u4ZU\">pic.twitter.com\/i2XFO7u4ZU<\/a><\/p>\n<p>\u2014 Lookonchain (@lookonchain) <a href=\"https:\/\/twitter.com\/lookonchain\/status\/1970330298568319083?ref_src=twsrc%5Etfw\">September 23, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier in September, attackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-breach-swissborg-crypto-platform-steal-40-million\">stole 192,600 SOL<\/a> worth $41 million from the Swiss crypto platform SwissBorg and hacked the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-decentralised-finance-defi\">DeFi<\/a> platform Nemo for $2.4 million.<\/p>\n<p>Subsequently, a hacker <a href=\"https:\/\/forklog.com\/en\/news\/shibarium-bridge-hacked-for-approximately-2-3-million\">withdrew<\/a> approximately $2.3 million in ETH and SHIB from the Shibarium bridge, which connects the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-layer%e2%80%912-solution-in-blockchain\">L2<\/a> network with Ethereum.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The multisig wallet of the UXLINK project was hacked. According to Cyvers, the initial damage amounted to $11.3 million.<\/p>\n","protected":false},"author":1,"featured_media":89173,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"UXLINK's multisig wallet was hacked, causing $11.3M in losses.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1252],"class_list":["post-89172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-reports"],"aioseo_notices":[],"amp_enabled":true,"views":"832","promo_type":"1","layout_type":"1","short_excerpt":"UXLINK's multisig wallet was hacked, causing $11.3M in losses.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=89172"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89172\/revisions"}],"predecessor-version":[{"id":89174,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89172\/revisions\/89174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/89173"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=89172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=89172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=89172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}