UXLINK Hacker Loses $48M to Phishing After $28M Exploit

• UXLINK hacker minted billions of tokens, dumping millions and crashing token value.
• The exploiter then lost $48M in tokens after falling victim to a phishing drain.
• UXLINK plans a token swap and security upgrades to restore user confidence.

The UXLINK project has been hit by one of the most unusual attacks in recent Web3 history. A hacker who minted billions of tokens and stole millions in assets ended up losing a large portion of the haul to a phishing scam. The double twist highlights two growing threats in crypto: smart contract exploits and phishing-based drains.

Hackers Mint Billions, Dump on Exchanges

On September 23, UXLINK confirmed that attackers compromised its multi-signature wallet. They manipulated permissions, giving themselves the ability to mint tokens. Within hours, over two billion UXLINK tokens had been created.

The hacker quickly sold 490 million tokens through six wallets on decentralized exchanges. Proceeds were converted into 6,732 ETH, valued at $28.1 million. Additional sales took place on centralized exchanges, putting more pressure on the token’s market.

The exploit crushed confidence in the project. UXLINK’s price plummeted more than 70%, dropping from $0.30 to $0.09. The collapse erased nearly $70 million in market capitalization.

Exchanges moved quickly to contain the fallout. Upbit suspended UXLINK deposits and labeled the token a trading caution asset. Officials cited major security risks and disclosure failures. Suspicious deposits were also frozen by other platforms.

Despite these actions, the massive minting left UXLINK’s tokenomics severely compromised. The supply in circulation became unreliable, sparking calls for an emergency token swap and compensation plan.

Hacker Falls Victim to Phishing

The story then took an unexpected turn. Blockchain analysts discovered that the exploiter fell into a phishing trap. They unknowingly signed a malicious contract.

The approval gave attackers linked to the Inferno Drainer group access to the stolen tokens. In two major transactions, over 542 million UXLINK tokens were drained. The losses included 108 million tokens worth $9.7 million and 433 million tokens worth $39 million.

Inferno Drainer is notorious for running large-scale phishing schemes in Web3. They rely on fake contracts that appear legitimate. Once approved, these contracts let attackers siphon tokens using allowance manipulation.

In this case, the UXLINK hacker likely thought they were securing funds. Instead, they granted access to their wallet. Within minutes, hundreds of millions in stolen tokens were gone.

The irony sparked laughter across the crypto community. Security researchers described the situation as “karma.” Many noted that even skilled hackers are vulnerable to phishing. The incident underscored how common attack vectors can ensnare anyone.

Related:

Project Response and Next Steps

UXLINK has been racing to limit the damage. The team issued urgent notices affirming the breach and communicated with exchanges. Law enforcement and security agencies are now engaged in the monitoring of funds and finding restitution.

Officials stated that most stolen assets have been frozen. They also announced plans for a token swap to compensate affected users. Importantly, the attack did not compromise individual user wallets.

The project said its top priority is restoring community confidence. The additional security enhancements include improved multi-signature controls and hardware wallet storage. The measures will seek to avoid such incidents.

The double-layered attack, however, leaves lasting concerns. The minting exploit exposed weaknesses in contract authorizations. The phishing twist revealed how even exploiters can become victims.

The post UXLINK Hacker Loses $48M to Phishing After $28M Exploit appeared first on Cryptotale.