On September 22, 2025, blockchain security firm Cyvers flagged a series of suspicious transactions originating from a UXLINK protocol address, revealing a sophisticated attack where an Ethereum address executed a delegateCall to remove admin roles and add a new owner with threshold permissions. This enabled hackers to drain approximately $11.3 million in assets, including $4.5 million in stablecoins (USDT and USDC), WBTC, and ETH, as well as $3 million worth of UXLINK tokens, which were swiftly bridged and swapped across Ethereum and Arbitrum networks.
UXLINK acknowledged the exploit less than an hour after the alert, issuing an urgent security notice confirming a breach of its multi-signature wallet. The platform is now collaborating with major centralized and decentralized exchanges to freeze suspicious deposits and has involved law enforcement to initiate investigations and recovery efforts. The hack comes just months after UXLINK celebrated its third anniversary, highlighting its growth to over 55 million users across 100+ countries, now overshadowed by this security incident.
Following the breach, UXLINK's token price collapsed, with transaction volume surging over 1700% and market capitalization plummeting by more than $70 million within hours due to panic selling and liquidations. The platform has yet to provide further updates, emphasizing the challenge to its narrative of stability and compliance.