In an ironic twist, the individual responsible for exploiting UXLINK in a significant security breach has now become the victim of a crypto scam.
On September 23rd, Scam Sniffer, a well-known blockchain security platform, revealed that the attacker was tricked and lost about 542 million UXLINK tokens. This loss is estimated to be worth over $50 million and happened due to a phishing scam by another malicious party.
Yu Xian, the co-founder of SlowMist, speculated that this latest theft shows indicators pointing to Inferno Drainer. Inferno Drainer is a notorious group that offers “draining-as-a-service” (DaaS) and is known for distributing phishing kits and creating deceptive websites.
The possible involvement of Inferno Drainer isn’t unexpected, given their history. They are known for stealing millions of dollars worth of cryptocurrency from numerous unsuspecting users across different blockchains.
Xian found the situation especially ironic, highlighting the fact that the hacker fell victim to basic authorization scams, much like the ones they originally used to target UXLINK.
UXLINK Hack
The initial security breach of UXLINK occurred on September 22nd, impacting the AI-driven Web3 social platform.
Cyvers, a blockchain security company, reported that the original breach began when the attacker utilized a delegateCall function to take away admin rights and then successfully added themself as an owner to the platform’s smart contract.
This action allowed the attacker to steal $4 million in USDT, $500,000 in USDC, 3.7 wrapped Bitcoin, and 25 ETH. The stolen stablecoins were swiftly converted into DAI, with the funds being transferred across both the Ethereum and Arbitrum networks.
Later on, a different address received 10 million UXLINK tokens, valued at approximately $3 million, and began selling them through decentralized exchanges.
The situation worsened by September 23rd. Lookonchain, a blockchain analytics platform, reported that the attacker created 2 billion UXLINK tokens and then sold large portions across both bEXs and centralized exchanges, earning 6,732 ETH, roughly equivalent to $28 million.
In response to the situation, UXLINK confirmed the exploit and started taking steps to mitigate the damage.
The UXLINK team announced that they were working with various exchanges to freeze the stolen assets. They also brought in PeckShield, a blockchain security firm, to assist and have asked trading platforms to temporarily halt trading of UXLINK pairs.
The team further stated:
“We are planning a token swap to maintain the integrity of our token structure. Details and instructions about the token swap will be shared soon.”