The recent hack of UXLINK, a popular Web3 social platform, has taken an unexpected turn as the hacker responsible for the exploit has now fallen victim to a phishing scheme himself. According to reports from blockchain security platform Scam Sniffer, the attacker lost a staggering 542 million UXLINK tokens, amounting to over $50 million, to another bad actor.
Yu Xian, co-founder of SlowMist, suggested that the theft bore the signature style of Inferno Drainer, a well-known “draining-as-a-service” provider notorious for selling phishing kits and setting up fake websites. Inferno Drainer has a history of targeting unsuspecting crypto users across various chains and has managed to steal millions of dollars in the process.
The irony of the situation was not lost on Xian, who pointed out that the hacker had fallen for the same basic authorization traps that he himself had used to exploit UXLINK. It serves as a stark reminder of the risks involved in the cryptocurrency space and the importance of staying vigilant against such attacks.
The original breach of UXLINK occurred on Sept. 22 when the attacker utilized a delegateCall function to gain admin privileges and manipulate the platform’s smart contract. This allowed them to steal $4 million in USDT, $500,000 in USDC, 3.7 wrapped Bitcoin, and 25 ETH. The stolen funds were quickly converted into DAI and moved across different networks.
Subsequently, a second address received 10 million UXLINK tokens, valued at $3 million, and began selling them off through decentralized exchanges. The situation escalated further when the attacker minted 2 billion UXLINK tokens and made substantial profits by trading them on various exchanges, totaling 6,732 ETH or approximately $28 million.
In response to the hack, UXLINK confirmed the breach and took immediate action to mitigate the damage. The team collaborated with exchanges to freeze stolen assets and enlisted the help of blockchain security firm PeckShield. They also urged trading platforms to suspend UXLINK trading pairs temporarily and announced plans for a token swap to secure the integrity of their token economy.
As the investigation into the hack continues, it serves as a stark reminder of the importance of robust security measures in the cryptocurrency industry. Users and platforms alike must remain vigilant and proactive in safeguarding their assets against potential threats.