Crypto Hacker Loses $50M to Phishing After UXLINK Exploit

The chain of events began on September 22 when an attacker successfully compromised UXLINK, an AI-powered Web3 social platform. According to blockchain security firm Cyvers, the breach commenced with the execution of a delegateCall function—a powerful smart contract operation that allowed the hacker to strip admin privileges and add themselves as an owner to the platform’s smart contract. This sophisticated move granted the attacker complete control over UXLINK’s treasury, enabling the immediate theft of $4 million in USDT, $500,000 in USDC, 3.7 wrapped Bitcoin (WBTC), and 25 ETH.

The hacker demonstrated considerable blockchain expertise in laundering the stolen assets. The stablecoins were quickly swapped into DAI, while funds were moved across both the Ethereum and Arbitrum networks to obscure their trail. Hours after the initial theft, a second address received 10 million UXLINK tokens worth approximately $3 million, which were promptly offloaded through decentralized exchanges. The situation escalated further when blockchain analytics platform Lookonchain reported that the attacker had minted an astonishing 2 billion UXLINK tokens—essentially creating new tokens out of thin air—and sold large quantities across both decentralized and centralized exchanges, netting 6,732 ETH worth roughly $28 million.

In a stunning reversal of fortune, the hacker’s success was short-lived. On September 23, blockchain security platform Scam Sniffer reported that the attacker had fallen victim to a phishing scheme, losing approximately 542 million UXLINK tokens valued at more than $50 million. SlowMist co-founder Yu Xian suggested the theft bore the hallmarks of Inferno Drainer, a notorious ‘draining-as-a-service’ (DaaS) provider known for selling phishing kits and fake websites to other cybercriminals.

The irony of the situation was not lost on security experts. Yu Xian noted that the hacker fell for basic authorization traps similar to those they had deployed against UXLINK just days earlier. Inferno Drainer’s involvement represents a particularly sophisticated threat, as the group has been responsible for stealing several million dollars from unsuspecting crypto users across multiple blockchain networks. The incident demonstrates that even successful hackers are not immune to the very techniques they employ against others.

Facing a compromised token economy, UXLINK moved quickly to limit the damage. The team confirmed the exploit and announced they were working with exchanges to freeze stolen assets. They have enlisted the help of blockchain security firm PeckShield and urged trading platforms to suspend UXLINK trading pairs temporarily. Most significantly, UXLINK announced plans for a token swap to ensure the integrity of their token economy, with further details to be announced shortly.

This series of events underscores the persistent security challenges facing the DeFi ecosystem. The sophistication of the original UXLINK exploit—combining smart contract manipulation, cross-chain fund movement, and token minting—demonstrates the evolving tactics of blockchain attackers. Meanwhile, the subsequent phishing attack highlights the growing threat of ‘draining-as-a-service’ operations like Inferno Drainer, which lower the barrier to entry for would-be crypto thieves. The incident serves as a stark reminder that in the largely unregulated world of cryptocurrency, security vulnerabilities can be exploited at multiple levels, turning attackers into victims in a matter of hours.