UXLink hackers fall into phishing trap after exploiting $30 million vulnerability


The attack on the Web3 social platform UXLink played out as a rare scenario: the attackers stole more than $30 million but then fell into a phishing trap, losing hundreds of billions of tokens in the middle of the exploit.

Web3 social platform UXLink has suffered a serious security crisis that saw the UXLINK token drop more than 90% in value, while the attacker unexpectedly fell victim to a phishing scam in the middle of exploiting the security vulnerability.

The incident stemmed from a malicious actor successfully compromising the project's multisignature wallet on September 23, setting off a chain of events with total estimated losses exceeding $30 million. UXLink announced the security breach immediately after discovering a large amount of crypto assets being illegally transferred to centralized and decentralized exchanges.

The project immediately coordinated with exchanges to block suspicious transactions and reported the incident to law enforcement. Thanks to this cooperation, a portion of the assets was frozen in time.

Figure: Attacker releases 1 billion UXLINK tokens after taking control of the wallet. Source: Etherscan

After taking control of the wallet, the attacker proceeded to illegally issue a huge amount of UXLINK tokens. Tracking by blockchain security firms PeckShield and Hacken showed that the hacker initially issued 1 billion tokens, and the amount continued to increase, with Hacken estimating the final number to be close to 10 trillion UXLINK. This move disrupted the supply-demand balance, driving the token price from $0.33 to just $0.033.

However, despite issuing a huge amount of tokens, the attacker only swapped 9.95 trillion UXLINK for 16 Ether, equivalent to about $67,000 at the time. Notably, in the midst of manipulating the market, on-chain analytics firm Lookonchain discovered that the hacker accidentally interacted with a fake contract and lost more than 500 billion tokens to phishing, a rare “thief meets old lady” situation in the world of blockchain attacks.

In response to the shock, UXLink called on exchanges to suspend all UXLINK-related activities and announced a token swap plan to stabilize the ecosystem and protect users. In parallel, the project pledged to deploy a new, security-audited smart contract with a fixed supply to completely eliminate the risk of additional token issuance.

UXLink representatives confirmed that users' personal wallets were not affected, and said a detailed report on the incident will be released soon together with blockchain security partners.
