UXLINK Hacker Falls Victim to Another Crypto Crime

The attacker behind the recent UXLINK exploit has ironically fallen prey to another cybercriminal. According to blockchain security platform Scam Sniffer, the attacker lost over 542 million UXLINK tokens. The tokens were worth more than 50 million dollars and were taken through a phishing scam by another bad actor.

Signs of Inferno Drainer’s Involvement

Experts say the thief used methods linked to Inferno Drainer, a group that sells “draining-as-a-service.” 

This illicit platform provides square phishing kits and fake sites so even inexperienced attackers can run big scams. Over the years, Inferno Drainer, like the notorious Lazarus Group, has been tied to multiple multimillion-dollar exploits across different blockchains.

Yu Xian, co-founder of SlowMist, pointed out the irony of the situation. The hacker who once tricked UXLINK into giving away control of its smart contract became a victim of similar authorization traps. 

How the UXLINK Exploit Unfolded

The UXLINK attack itself began on September 22. Blockchain security firm Cyvers traced the breach to a delegateCall function that the attacker executed on the platform’s smart contract. This allowed the hacker to revoke administrator permissions and add themselves as a new contract owner.

The attacker quickly stole $4M in USDT, $500K in USDC, 3.7 wBTC, and 25 ETH. The stolen stablecoins were quickly converted into DAI to make tracking more difficult, while the funds were moved across both the Ethereum and Arbitrum networks.

Shortly afterward, the hacker also transferred 10 million UXLINK tokens, worth approximately 3 million dollars, to another wallet. These tokens were later sold through decentralized exchanges, putting further pressure on the token’s price. 

By the next day, the attack intensified. Blockchain trackers reported that the hacker minted two billion UXLINK tokens and sold large amounts on both decentralized and centralized exchanges. This action earned him about 6,732 ETH, valued at roughly 28 million dollars.

This aggressive offloading of newly minted tokens significantly destabilized the UXLINK market, creating panic among investors and damaging confidence in the project. Notably, the attack on UXLINK is part of a bigger trend in decentralized finance (DeFI), where hackers target smart contract vulnerabilities to steal funds. 

UXLINK’s Damage Control Measures

Like other platforms that faced similar problems, the UXLINK team acted fast to reduce the damage. 

The platform confirmed the hack and said it was working with big exchanges to freeze the stolen funds before they could be moved around. It also brought in blockchain security firm PeckShield to investigate the attack and make its system stronger.

To protect users, UXLINK asked trading platforms to pause UXLINK trading pairs for now. The company also shared plans for a token swap to replace the damaged tokens with new ones. 

This step will help fix the issue of extra tokens made during the attack. The community will get more details about the swap soon.