- UXLINK passed a full contract audit and will launch a migration to protect token holders.
- Hackers drained over $11M using a contract flaw, before a phishing attack cut their haul.
- The team pledged open updates and fair compensation to restore community confidence.
UXLINK has completed a security audit for its redesigned token contract and will soon launch a migration following a multimillion-dollar breach. The incident involved a multi-signature exploit that enabled attackers to drain $11.3 million and mint billions of tokens. The project announced the update today, and its Ethereum contract has passed audit checks and will be deployed on mainnet as an emergency token swap plan.
Emergency Token-Swap Plan
The team explained that the new contract will retain the ticker UXLINK, but will no longer have the mint and burn functions. Developers claimed that a fixed supply will be enforced in the new design, by which there will be no minting operations. Migration details are currently undergoing submission to centralized exchanges that will coordinate parameters for swaps, temporary suspensions, and listings so as to cause minimal disruption.
Meanwhile, UXLINK confirmed that it would respond to a request from the Digital Asset Exchange Association of Korea. The audited contract transfers the operation for cross-chain interoperability from on-chain minting to off-chain or partner protocols, reducing risks while rebasing the project’s original tokenomics. This change will secure the system and bring about fairness to token holders on networks.
PeckShield and a myriad of other security companies joined the investigation right after the exploit. Major exchanges, including Upbit, froze deposits suspected of being used for laundering. Recovery proceedings are still in operation with the assistance of law enforcement.
Attack Details and Market Impact
On Sept. 22, attackers exploited a “delegateCall” vulnerability in UXLINK’s multi-signature wallet. By seizing administrative rights, they transferred assets valued at $11.3 million, including ETH, stablecoins, and WBTC. The exploit also enabled attackers to mint between one and two billion UXLINK tokens on Arbitrum.
According to Chainanalysis data, 490 million tokens were dumped via DEXes, which were bridged to Ethereum and swapped with the decentralized exchanges for about 6,732 ETH. The massive sell-off saw UXLINK collapse from $0.30 to $0.09 within hours, a 70% decline.
Analysts calculated that one group was liquidating large amounts of tokens for large profits before the exchanges themselves intervened. In the immediate aftermath of the sell-off, centralized exchanges suspended inflows from suspected wallets while investigators traced the stolen funds. The response limited further laundering but was unable to prevent the token price crash.
Related: UXLINK Hacker Loses $48M to Phishing After $28M Exploit
Unexpected Twist and Recovery Efforts
In an unexpected turn, the attacker who drained assets later became a victim of a phishing attack. On-chain monitors, including ScamSniffer, flagged a wallet approval exploit that redirected about 542 million UXLINK tokens to phishing wallets linked to the Inferno Drainer network. One large transfer alone moved over 433 million tokens.
Although the phishing reduced the exploiter’s usable holdings, the attacker had already realized substantial profits from the earlier sell-off. UXLINK confirmed it has additionally frozen addresses tied to these transactions and is working with exchanges to recover assets where possible. The forensic data has been forwarded to the authorities, and further investigations are underway.
In its latest statements, UXLINK has pledged to be transparent regarding community losses and reiterated compensation mechanisms. Further, the team insisted that users migrate only via legitimate channels and be cautious of unverified contracts.
