Sep 2025 - UXLINK MultiSig Wallet Single Owner Vulnerability Exploited - $11.3m (Global)
UXLINK is a comprehensive Web3 social platform and infrastructure designed to connect people, projects, and communities, fostering mass adoption and developer growth. It enables users to seamlessly enter the Web3 ecosystem with minimal setup. By linking social media accounts like Telegram, X (Twitter), Line, and TikTok, UXLINK allows users to create blockchain wallets and access decentralized applications (dApps) without the usual complexity. The platform’s “One Account, One Gas” feature simplifies blockchain transactions by letting users interact across multiple chains with a single account and the UXLINK token ($UXLINK) to cover all gas fees. This makes it easier for both beginners and experienced users to navigate the Web3 space.
The platform’s ecosystem supports over 500 partners and aims to foster a thriving decentralized economy through tools that enable users to build their own social networks, interact with dApps, and reach Web3 enthusiasts. UXLINK’s social-native Optimistic Rollup chain provides scalability and integration with the One Account One Gas protocol, making it suitable for mass adoption. As of 2023, the platform boasts over 54 million users and has a roadmap to expand its user base to 100 million by 2026, integrating AI-driven growth tools and cross-chain support.
For developers, UXLINK offers a robust infrastructure to build and integrate Web3 applications, and its partner network spans various sectors. The platform’s integration of AI-driven tools, such as XerpaAI for smart content generation and market matching, further enhances its capabilities for both user engagement and developer support. The platform is also set to introduce Fujipay, a decentralized gateway that bridges Web3 with global commerce, offering a payment solution that blends physical and digital transactions.
Unfortunately, the multisignature smart contract contained a critical flaw which allowed one single owner to take over full control.
ExVulSec:
"ExVul Findings:
The multisig contract design contained a critical flaw: a single Owner take full control;
Owners Private key was leaked or Owners acted maliciously → other Owners were maliciously added and removed;
Attacker address 0x2EF43c1D0c88C071d242B6c2D0430e1751607B87 fully took over the contract and drained funds."
Losses were reported by SlowMist as $11.3m USD.
Upon discovering the exploit involving their multi-signature wallet, the team immediately mobilized to assess the extent of the damage and contain the situation. They quickly began working with both internal and external security experts to investigate the breach’s cause and prevent any further unauthorized transfers. UXLINK took urgent action by contacting major centralized (CEXs) and decentralized exchanges (DEXs), requesting that suspicious UXLINK deposits be frozen to halt any further movement of the stolen assets. This rapid coordination with exchanges was aimed at minimizing the impact and securing the funds that had already been compromised. UXLINK reported the incident to law enforcement and relevant authorities, signaling their commitment to taking all necessary legal steps for asset recovery.
The UXLINK token has relaunched on a new smart contract.
The protocol has launched a new token, done an effort to make right all affected users, and undertaken a project to recover funds from the attacker.
The project continues to operate. The investigation remains underway.
Further Analysis
UXLINK, a Web3 social platform designed to connect users, projects, and communities, was recently impacted by a significant security breach involving its multi-signature wallet. A critical flaw in the wallet’s design allowed a single owner to take full control, leading to unauthorized access and the draining of $11.3 million in funds. Upon discovering the exploit, UXLINK immediately mobilized to contain the damage, working with internal and external security experts and coordinating with centralized (CEXs) and decentralized exchanges (DEXs) to freeze suspicious deposits. The team also reported the incident to law enforcement for legal action and recovery efforts. In response, UXLINK relaunched its token on a new smart contract and is actively working to compensate affected users and recover the stolen assets, while continuing its investigation. Despite the breach, the platform remains operational and committed to transparency and security
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Seedify Fund Private Key OFT Contract Compromised Minting > > < < Unknown Base Smart Contract Wrapped Ethereum Attack Theft
Sources/Further Reading
UXLINK - "We have identified a security breach involving our multi-signature wallet, resulting in a significant amount of cryptocurrency being illicitly transferred to both CEXs and DEXs." - Twitter/X (Dec 31)
UXLINK 106.20 M UXLINK Exploit Transaction - Arbiscan (Dec 31)
ExVulSec - "On Sept 23, the #UXLINK multisig wallet suffered a severe security breach, resulting in the theft of ~$11.3M in assets, which were dispersed across multiple CEXs and DEXs." - Twitter/X (Dec 31)
UXLINK Twitter/X Account (Dec 31)
UXLINK Link Tree (Dec 31)
UXLINK Homepage (Dec 31)
UXLINK (UXLINK) has been listed on Binance Futures - CryptoDiffer (Dec 31)
Web3 social platform UXLINK (UXLINK) has been listed on Upbit - CryptoDiffer (Dec 31)
UXLINK Announces Strategic Investment in Lumoz to Co-Develop Social Growth Layer - KXAN (Dec 31)
UXLINK announces listing on eight major exchanges on July 18 - CoinTelegraph (Dec 31)
New Concept in Web3 Social: UXLINK Launches its “RWS” System Architecture - CoinEdition (Dec 31)
UXLINK Announces SLP (Social Liquidity Provisioning) Dual Funding Pools - Yahoo Finance (Dec 31)
UXLINK Whitepaper (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|