On September 23, the decentralized social project UXLINK was suddenly attacked by hackers. The attackers tampered with the multi-signature permissions and stole over $11.00 million in assets. Then, they gained control of the minting rights and issued 1.00 billion UXLINK tokens on the chain. After the news was released, UXLINK fell nearly 65%, and the quoted price was $0.10 at the time of publication.

UXLINK officials responded quickly after being attacked, saying that most of the funds stolen by the hackers had been frozen, and they are cooperating with security companies to recover the stolen money and will initiate a token swap. The following are the key timeline and follow-up observation points of the incident. We will continue to pay attention and update in real time:

September 23

11:48｜UXLINK hackers may have been targeted by Inferno Drainer phishing attacks

Yu Xian, the founder of SlowMist, tweeted that UXLINK hackers may have been targeted by Inferno Drainer phishing attacks. "The approximately 542.00 million UXLINK tokens previously stolen by them may have been phished away by Inferno Drainer using ordinary authorization phishing techniques."

11:13｜Disposal plan: Token swap will be launched

UXLINK officials said that they detected malicious actors continuously conducting unauthorized UXLINK token minting. UXLINK is urgently contacting trading platforms to suspend token deposits and transactions and initiate token swaps. More details and instructions on the token swap will be announced soon. The team specifically emphasized that this incident did not affect individual user wallets. UXLINK promised to compensate affected users with tokens and has begun to strengthen security measures, including upgrading multi-signature wallet mechanisms and introducing hardware wallets for asset storage.

11:04｜PeckShield security alert: Do not interact

According to PeckShield monitoring, since today's UXLINK hacker has obtained the minting rights, and 1.00 billion UXLINK tokens have just been minted on Arbitrum, the tokens have now been leaked. Remind users not to interact with UXLINK tokens.

11:01｜Exchange risk control: Upbit alert & suspension of recharge

According to the official announcement, Upbit listed UXLINK as a transaction alert token. UXLINK's deposit service has been suspended, and the recovery time of the deposit service will be notified separately in accordance with the procedure after being designated as a transaction alert item.

The announcement stated that Upbit found many defects in UXLINK that pose potential risks to users. The specific reasons are as follows: According to the best practices for supporting virtual asset transactions, there are security incidents such as hacker attacks, and the issuer or operator failed to disclose important information about the virtual asset in a timely manner through appropriate electronic media. Therefore, Upbit has designated UXLINK as a transaction alert asset to protect investors.

Transaction warning period: Tuesday, September 23, 2025 12:00 (Korean Standard Time) - Friday, October 17, 2025 11:59 (Korean Standard Time)

09:53｜Hacker's additional issuance exposed: 1.00 billion UXLINK tokens

According to market news, hackers issued an additional 1.00 billion UXLINK tokens on the chain.

09:44｜UXLINK: Freezing progress & compensation plan

The official stated that in the past few hours, they have been working closely with major trading platforms, and most of the stolen assets have been frozen. Cooperation with trading platforms is still ongoing.

UXLINK's top priority is to protect the security of community assets and recover assets as much as possible. It has also hired PeckShield to support ongoing investigations and strengthen recovery efforts. There is currently no indication that individual user wallets have been attacked. The next step is to develop a clear plan to restore and compensate affected accounts. Protecting the interests of the community remains UXLINK's top priority, and it will continue to share verified latest progress.

09:08｜Official confirmation of the attack, attempting to freeze suspicious deposits and report the case

UXLINK officially stated that it has discovered a security vulnerability involving its multi-signature wallet, which has led to a large number of cryptocurrencies being illegally transferred to CEX and DEX. The team is working with security experts to identify the cause and control the situation, has contacted the trading platform to freeze suspicious UXLINK deposits, and has reported the case to the police and relevant competent authorities to promote legal accountability and asset recovery.

00:49｜Initial report: Suspected attack, loss of over $11.00 million

Cyvers monitored approximately $11.30 million in suspicious transactions related to UXLINK: The attack address removed administrator permissions through delegateCall, called addOwnerWithThreshold, and transferred USDT 4.00 million, USDC 500,000.00, WBTC 3.70, ETH 25. On the Ethereum side, USDT/USDC was exchanged for DAI, and on the Arbitrum side, USDT was exchanged for ETH and crossed back to Ethereum. Subsequently, the relevant address received 10.00 million UXLINK (approximately $3.00 million) and began to exchange it.