The UXLINK exploiter has been phished merely hours after the AI-powered Web 3 social platform’s multi-sig wallet had been breached. Lookonchain had reported on Monday that UXLINK’s multi-signature wallet was compromised, with funds drained across centralized and decentralized exchanges.
According to the blockchain analytics platform, the attacker was phished and lost 542 million UXLINK tokens, valued at approximately $48 million.
Interestingly, the hacker who attacked $UXLINK was targeted by a phishing attack and lost 542M $UXLINK($48M).https://t.co/Cp9QNHPE8Xhttps://t.co/M8tbPYAdiq pic.twitter.com/PxadIIfkDi
— Lookonchain (@lookonchain) September 23, 2025
UXLINK had earlier admitted that its multi-sig wallet had been breached, and said that “a significant amount of crypto” was illicitly transferred, but most of them were frozen.
“Our team is working through legal and compliant measures to ensure that the UXLINK token supply fully aligns with the rules stated in the whitepaper. The white paper remains the sole community consensus and standard for UXLINK’s token economy,” the project team wrote on X.
UXLINK breach involved six wallets
Security monitoring firm Cyvers Alerts flagged unusual activity early Monday on an Ethereum address linked to UXLINK. The account executed a delegateCall, removed the existing administrator role, and added a new multisig owner. After making the change, the hacker moved at least $4 million in USDT, $500,000 in USDC, 3.7 wrapped Bitcoin (WBTC), and 25 ETH.
Onchain evidence also showed that the attacker sold UXLINK tokens on decentralized exchanges using six separate wallets. These trades netted at least 6,732 ETH, valued at roughly $28.1 million.
Hours after pulling off the UXLINK exploit, the attacker themselves fell victim to a phishing scheme. Arbiscan onchain records show the loss occurred on Tuesday at around 02:15 UTC under the transaction hash 0xa70674ccc9caa17d6efaf3f6fcbd5dec40011744c18a1057f391a822f11986ee.
Two large transfers of UXLINK tokens were directed from the exploiter’s wallet into new addresses. One transaction sent 108,395,883 UXLINK tokens, worth $9.23 million, to the address 0xA7Ad03f8…c254dd15a.
A second and larger transaction moved 433,583,532 UXLINK tokens, valued at $36.93 million, to address 0xeBBA8F57…4aD479dbD. Both transfers originated from the exploiter’s address 0xAfb2423F447D3e16931164C9907B9741aAb1723E, dubbed Fake Phishing 1309277 account by HashDit.
Web 3 platform identified and stopped minting of fake tokens
As if the situation were not complicated enough, UXLINK also revealed that the attacker continued minting tokens after the initial exploit. Data shared by blockchain investigators showed that around 10 trillion UXLINK tokens were created late Monday without authorization.
The additional supply triggered a severe price collapse, with UXLINK plunging more than 70% to $0.08912, according to CoinGecko.
In a statement on X published Tuesday, the social project said: “We have identified an unauthorized minting of UXLINK tokens today by a malicious actor. We strongly advise all community members not to trade UXLINK on DEXs at this time, in order to avoid potential losses caused by these unauthorized tokens.”
The team added that it was in contact with centralized exchanges to temporarily halt trading, and confirmed plans for a forthcoming token swap to mitigate user losses were in place.
Latvian streamer targeted in separate crypto hack
In a separate incident, Latvian crypto content creator Raivo “Rastaland” Plavnieks lost more than $31,000 after downloading malware disguised as a game on Steam. The 26-year-old streamer, who has been battling stage-four sarcoma, had been raising funds through a Solana-based meme token called Help Me Beat Cancer (CANCER) on Pump.fun.
During a livestream, a viewer suggested he try a title called Block Blasters, which is listed on Valve’s Steam platform. After launching the game, his crypto wallet was drained, with losses amounting to between $31,189 and $32,000, or around AU$48,515.
Blockchain sleuth ZachXBT and other online researchers traced the attackers’ activity and forwarded evidence to law enforcement. Valve, which operates Steam, has been bashed for keeping the game on its platform available even though cybersecurity company G Data CyberDefense warned about the game weeks earlier.
Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.
