UXLINK exploiter loses 542M illegally minted tokens in phishing attack
crypto.newsSep 23, 2025
The $UXLINK hack has taken an unexpected twist after the exploiter themselves fell victim to a phishing scam, losing over 542 million tokens to the notorious Inferno Drainer group. The $UXLINK saga took an unexpected turn as the exploiter’s wallet was targeted in a phishing attack. Approximately 542 million $UXLINK tokens were siphoned after the address signed a malicious increaseAllowance transaction, blockchain security platform ScamSniffer reported on Tuesday. According to on-chain data, the suspicious approval was executed around noon UTC, allowing a phishing contract to drain more than $43 million at market prices, scattered across multiple addresses that investigators have already tagged as malicious. According to Yu Xian, founder of SlowMist, the exploiter likely fell victim to the well-known phishing group Inferno Drainer. In a post on X, Yu said that “the approximately 542 million $UXLINK tokens stolen earlier may have been phished away by the Inferno Drainer using ordinary authorization phishing methods.” This latest incident follows a multi-sig wallet breach disclosed on Sept. 22, when attackers exploited a delegateCall vulnerability to seize administrator rights. That attack saw $11.3 million in assets — including $ETH, $WBTC, and stablecoins — rerouted through Ethereum and Arbitrum. Since then, the exploiter address has continued unauthorized minting of billions of $UXLINK tokens and selling them on DEXs and bridging proceeds into ETH. The project’s token price has plummeted more than 70% since the breach, wiping out nearly $70 million in market value. In response, $UXLINK has confirmed plans for a token swap to restore supply integrity and is working with centralized exchanges to suspend deposits and freeze suspicious wallets. Whether the token swap can fully repair trust in the ecosystem remains to be seen, but today’s phishing exploit highlights a broader vulnerability in crisis situations: once a wallet is compromised, attackers often exploit secondary approvals and allowances to extract even more value. []
Source
Powered by ChatGPT
All You Need to Know in 10s
Your One-Stop Crypto Investment Powerhouse
UXLINK exploiter loses 542M illegally minted tokens in phishing attack
crypto.newsSep 23, 2025
The UXLINK hack has taken an unexpected twist after the exploiter themselves fell victim to a phishing scam, losing over 542 million tokens to the notorious Inferno Drainer group. The UXLINK saga took an unexpected turn as the exploiter’s wallet was targeted in a phishing attack. Approximately 542 million UXLINK tokens were siphoned after the address signed a malicious increaseAllowance transaction, blockchain security platform ScamSniffer reported on Tuesday. According to on-chain data, the suspicious approval was executed around noon UTC, allowing a phishing contract to drain more than $43 million at market prices, scattered across multiple addresses that investigators have already tagged as malicious. According to Yu Xian, founder of SlowMist, the exploiter likely fell victim to the well-known phishing group Inferno Drainer. In a post on X, Yu said that “the approximately 542 million UXLINK tokens stolen earlier may have been phished away by the Inferno Drainer using ordinary authorization phishing methods.” This latest incident follows a multi-sig wallet breach disclosed on Sept. 22, when attackers exploited a delegateCall vulnerability to seize administrator rights. That attack saw $11.3 million in assets — including ETH, WBTC, and stablecoins — rerouted through Ethereum and Arbitrum. Since then, the exploiter address has continued unauthorized minting of billions of UXLINK tokens and selling them on DEXs and bridging proceeds into ETH. The project’s token price has plummeted more than 70% since the breach, wiping out nearly $70 million in market value. In response, UXLINK has confirmed plans for a token swap to restore supply integrity and is working with centralized exchanges to suspend deposits and freeze suspicious wallets. Whether the token swap can fully repair trust in the ecosystem remains to be seen, but today’s phishing exploit highlights a broader vulnerability in crisis situations: once a wallet is compromised, attackers often exploit secondary approvals and allowances to extract even more value. []
Powered by ChatGPT
Scan QR Code to Explore more key information
One-stop financial research platform for Crypto Investors
00:00 / 00:00
00:0000:0000:00