UXLINK hack update: Hacker moves stolen funds, sells $6.8m ETH

The attacker responsible for the UXLINK hack is still shuffling their loot, recently dumping millions in assets in a bid to convert the proceeds of the hack.

The UXLINK hack has entered a new chapter as the attacker continues to shuffle funds stolen from the protocol. Per data from on-chain trackers, the malicious actor converted roughly 1,620 ETH into DAI stablecoins in the early hours of today, valued at approximately $6.8 million at the time of the transaction.

Occurring nearly 48 hours after the exploit, this transaction marks the first major effort by the attacker to cash out the stolen assets. The hacker had already engaged in extensive fund shuffling, moving assets across multiple wallets and using both centralized and decentralized exchanges to complicate the trail and attempt laundering.

In an interesting twist, the attacker has already lost a significant portion of the stolen funds to a phishing attack. Security researchers found that they had unknowingly granted approval to a malicious contract controlled by the Inferno Drainer group, allowing 542 million UXLINK tokens, worth roughly $43 million at the time, to be drained from their wallet.

The recently converted ETH represents only a portion of the stolen funds, with the attacker still estimated to be holding millions in assorted assets.

How the UXLINK hack Happened

The UXLINK hack began on September 22 and continued for several hours into the following day. The core of the attack involved an exploit of the project’s multi-signature wallet through a delegate call vulnerability. This security flaw gave the attacker administrator-level access, enabling unauthorized transfers and the ability to mint large amounts of fake tokens.

Within hours, the attacker minted nearly 10 trillion CRUXLINK tokens on the Arbitrum blockchain and swiftly liquidated part of these tokens for ETH, USDC, and other assets, draining liquidity and causing the token to crash by more than 70%.

The protocol responded immediately, alerting exchanges to freeze suspicious transactions and working with security firms to trace and mitigate further losses. However, these efforts did little to offset the damage already done.

UXLINK has since deployed emergency measures, including a token migration to a newly audited smart contract with a capped supply to prevent similar exploits. The audit focused on reinforcing security and tightening controls around multisig wallets and contract interactions.

The latest rounds of asset shuffling and conversions by the hacker complicate any hopes for full recovery of the stolen funds, and it remains to be seen whether additional movements will occur in the near term.