UXLINK Hack: attacker Continues too Offload Stolen Funds
The UXLINK hack saga continues as the attacker converts more stolen assets. According to on-chain data, the hacker recently converted about 1,620 ETH into DAI stablecoins, worth around $6.8 million. This is the first major cash-out attempt as the exploit.
The attacker has been shuffling funds across various wallets and exchanges to cover their tracks. However, they faced a setback when they lost a meaningful portion of the stolen tokens to a phishing attack. Security experts discovered that the hacker unknowingly approved a malicious contract, leading to the loss of 542 million UXLINK tokens, valued at roughly $43 million.
How did the UXLINK hack happen? On September 22, the attacker exploited a delegate call vulnerability in the project’s multi-signature wallet. This gave them administrator-level access, allowing them to mint nearly 10 trillion CRUXLINK tokens on the Arbitrum blockchain. the attacker then liquidated these tokens for ETH, USDC, and other assets, causing the token price to crash by over 70%.
UXLINK responded by alerting exchanges to freeze suspicious transactions and collaborating with security firms. They also deployed emergency measures, including a token migration to a newly audited smart contract with a capped supply. This aims to prevent similar exploits in the future.
Despite these efforts, the hacker’s latest asset conversions complicate hopes for full recovery. It remains uncertain if more fund movements will occur in the near term.
