Losses Exceed Ten Million Dollars! UXLINK Security Incident Vulnerability Analysis and Stolen Funds Tracking


Chainfeeds Introduction:

On September 23rd, UXLINK was attacked due to a leak of its multi-sig wallet private key. The attacker minted UXLINK tokens and then sold them for over $11.3 million. The Beosin security team conducted vulnerability analysis and fund tracking for this attack.

Article Source:

https://mp.weixin.qq.com/s/odDiP8j7h6wqLANni_ToAw

Article author:

Beosin


Viewpoint:

Beosin: The private key of the UXLINK project contract was leaked. As a result, the attacker's address was added as a multi-signature account for the contract and all other existing multi-signature accounts were removed. The contract's signature threshold was also reset to 1, so that the attacker's address alone could sign to execute contract operations, giving the attacker complete control over the contract.

Subsequently, the attacker began issuing additional UXLINK tokens and selling them for profit. The attacker issued tokens five times, and three addresses received the tokens: 0xeff9cefdedb2a34b9e9e371bda0bf8db8b7eb9a7, 0x2ef43c1d0c88c071d242b6c2d0430e1751607b87, and 0x78786a967ee948aea1ccd3150f973cf07d9864f3. The UXLINK tokens were converted to ETH and DAI through currency exchange, transfer, and cross-chain transactions, and stored at addresses on the ETH chain.

The Beosin security team analyzed the main fund flows involved in this security incident:

1) ARBITRUM chain: The hacker's address is 0x6385eb73fae34bf90ed4c3d4c8afbc957ff4121c. The address that was stolen from is 0xCe82784d2E6C838c9b390A14a79B70d644F615EB. The stolen amount is approximately 904,401 USDT. After the theft, the hacker converted the 904,401 USDT into 215.71 ETH and transferred the ETH to the Ethereum address 0x6385eb73fae34bf90ed4c3d4c8afbc957ff4121c via a cross-chain transaction.

2) Ethereum chain: The hacker's address is 0x6385eb73fae34bf90ed4c3d4c8afbc957ff4121c. The addresses that were stolen from are 0x4457d81a97ab6074468da95f4c0c452924267da5, 0x8676d208484899f5448ad6e8b19792d21e5dc14f, and 0x561f7ced7e85c597ad712db4d73e796a4f767654. Approximately 25.27 ETH, 5,564,402.99 USDT, 3.7 WBTC, and 500,000 USDC were stolen. After stealing the funds, the hacker exchanged the 5,564,402.99 USDT and 500,000 USDC for 6,068,370.29 DAI, and finally transferred the funds to the address 0xac77b44a5f3acc54e3844a609fffd64f182ef931. The current balance of this address is 240.99 ETH, 6,068,370.29 DAI, and 3.7 WBTC.
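The signer and threshold changes described above (a new account added, all existing accounts removed, threshold reset to 1) leave a recognizable sequence in a multisig's event log. The following detection logic is an added example, not code from Beosin or UXLINK, and it generalizes slightly by flagging any state in which newly added signers alone can meet the threshold. Assumptions: decoded events are named as a Safe-style multisig names them (AddedOwner, RemovedOwner, ChangedThreshold), which the article does not confirm as the implementation used; the function name, alert codes and sample addresses are constructed for illustration.

```python
from typing import NamedTuple

class Event(NamedTuple):
    block: int
    name: str      # assumed names: "AddedOwner", "RemovedOwner", "ChangedThreshold"
    value: object  # owner address (str) or new threshold (int)

def audit_multisig(owners, threshold, events):
    """Replay events over a known-good baseline; return [(block, alert_code), ...]."""
    baseline = {o.lower() for o in owners}
    current, alerts, seen = set(baseline), [], set()

    def flag(block, code):
        if code not in seen:              # report each condition once
            seen.add(code)
            alerts.append((block, code))

    for ev in sorted(events, key=lambda e: e.block):  # stable sort keeps in-block order
        if ev.name == "AddedOwner":
            current.add(ev.value.lower())
        elif ev.name == "RemovedOwner":
            current.discard(ev.value.lower())
        elif ev.name == "ChangedThreshold":
            if ev.value < threshold:
                flag(ev.block, "THRESHOLD_LOWERED")
            threshold = ev.value
        else:
            continue                      # unrelated event, ignore
        if not current & baseline:        # no originally trusted signer is left
            flag(ev.block, "ALL_BASELINE_OWNERS_REMOVED")
        if len(current - baseline) >= threshold:  # new signers need no old ones
            flag(ev.block, "NEW_OWNERS_MEET_THRESHOLD")
    return alerts

# Constructed sample data: placeholder addresses, not the addresses from the incident.
BASELINE = ["0xA1", "0xA2", "0xA3"]       # assumed 2-of-3 starting configuration
TAKEOVER = [
    Event(100, "AddedOwner", "0xNEW"),
    Event(100, "RemovedOwner", "0xA1"),
    Event(101, "RemovedOwner", "0xA2"),
    Event(101, "RemovedOwner", "0xA3"),
    Event(102, "ChangedThreshold", 1),
]
ROTATION = [                              # routine change: one signer replaced
    Event(200, "AddedOwner", "0xB1"),
    Event(200, "RemovedOwner", "0xA3"),
]

if __name__ == "__main__":
    for block, code in audit_multisig(BASELINE, 2, TAKEOVER):
        print(block, code)
```

The routine rotation produces no alerts, so the three conditions can be paged on without firing for ordinary signer maintenance.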

Content Source

https://chainfeeds.substack.com
