UXLINK passes security audit after $11.3 million exploit triggers emergency migration

UXLINK has completed a UXLINK smart contract audit for its redesigned token as it prepares to launch a migration following a devastating exploit. The move comes after attackers abused a delegate Call vulnerability to seize admin rights, mint billions of tokens and drain millions in assets.

On Sept. 24, the team confirmed on X that the new Ethereum contract passed the UXLINK smart contract audit and will soon go live on mainnet as part of an emergency token swap plan.

What the UXLINK smart contract audit fixed

The UXLINK smart contract audit ensures the removal of the vulnerable mint burn function while setting a fixed supply. Cross chain functionality will rely on partner services instead of native minting, reducing attack vectors.

According to UXLINK, the migration plan realigns the token supply with the project’s original whitepaper while reassuring users and partners of its resilience. Centralized exchanges have been briefed on the migration process with most pledging full support or applying temporary suspensions until the swap is complete.

Details of the exploit

The breach on Sept. 22 saw attackers exploit UXLINK’s multi signature wallet through a delegateCall flaw. Roughly $11.3 million in ETH, WBTC and stablecoins were stolen alongside the minting of 1–2 billion UXLINK tokens on Arbitrum.

About 490 million of those tokens were dumped on decentralized exchanges bridged to Ethereum and sold for 6,732 ETH. The mass sell off drove the token price down over 70%, from $0.30 to $0.09.

Security firms including PeckShield and several CEXs responded quickly freezing deposits linked to the exploit. Law enforcement agencies are now involved and asset recovery efforts are ongoing.

Twist in the saga: attacker phished

In a surprising turn, the original exploiter of UXLINK later fell victim to a phishing scam. On chain analysts and ScamSniffer reported that Inferno Drainer linked wallets siphoned about 542 million UXLINK from the attacker including one transfer of 433 million tokens.

While the phishing incident cut into the attacker’s haul, they had already cashed out significant proceeds.

Migration and next steps

The UXLINK smart contract audit was described by the team as a milestone in its recovery strategy. Migration details are being shared with exchanges and will be announced through official channels only.

UXLINK says frozen wallets are under review as community compensation will be handled with transparency and the UXLINK smart contract audit marks the beginning of restoring trust after the breach.

By finalizing the UXLINK smart contract audit, the project aims to safeguard against repeat exploits and reinforce user confidence in its platform.