UXLINK exploiter loses 542M illegally minted tokens in phishing attack
The UXLINK hack has taken an unexpected twist after the exploiter themselves fell victim to a phishing scam, losing over 542 million tokens to the notorious Inferno Drainer group.
- Blockchain security firm ScamSniffer flagged that the exploiter signed a malicious increaseAllowance approval, enabling phishing addresses to drain more than $43M in UXLINK tokens.
- SlowMist founder Yu Xian said the theft was likely carried out by Inferno Drainer using ordinary authorization phishing methods.
- The incident compounds UXLINK’s ongoing crisis, following a $11.3M multi-sig breach and continued unauthorized token minting, with the project now preparing a token swap to restore integrity.
The UXLINK saga took an unexpected turn as the exploiter’s wallet was targeted in a phishing attack. Approximately 542 million UXLINK tokens were siphoned after the address signed a malicious increaseAllowance transaction, blockchain security platform ScamSniffer reported on Tuesday.
According to on-chain data, the suspicious approval was executed around noon UTC, allowing a phishing contract to drain more than $43 million at market prices, scattered across multiple addresses that investigators have already tagged as malicious.
Source: @realScamSniffer
According to Yu Xian, founder of SlowMist, the exploiter likely fell victim to the well-known phishing group Inferno Drainer. In a post on X, Yu said that “the approximately 542 million UXLINK tokens stolen earlier may have been phished away by the Inferno Drainer using ordinary authorization phishing methods.”
The UXLINK fallout
This latest incident follows a multi-sig wallet breach disclosed on Sept. 22, when attackers exploited a delegateCall vulnerability to seize administrator rights. That attack saw $11.3 million in assets — including ETH, WBTC, and stablecoins — rerouted through Ethereum and Arbitrum. Since then, the exploiter address has continued unauthorized minting of billions of UXLINK tokens and selling them on DEXs and bridging proceeds into ETH.
The project’s token price has plummeted more than 70% since the breach, wiping out nearly $70 million in market value. In response, UXLINK has confirmed plans for a token swap to restore supply integrity and is working with centralized exchanges to suspend deposits and freeze suspicious wallets.
Whether the token swap can fully repair trust in the ecosystem remains to be seen, but today’s phishing exploit highlights a broader vulnerability in crisis situations: once a wallet is compromised, attackers often exploit secondary approvals and allowances to extract even more value.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Can stablecoins become the true pillar of US dollar hegemony?
DBA Asset Management Proposes Bold Cut in HYPE Coin Supply
In Brief The Hyperliquid ecosystem is evaluating a significant reduction in HYPE coin supply. Supporters believe the reduction would increase transparency and align market value. The altcoin has surged 1,200%, showing potential to hit $100 by year's end.
White House projects cryptocurrency bill approval by December
Trending news
MoreCrypto prices
More
