The hacker who drained UXLINK in a high-profile exploit has satirically develop into a sufferer of crypto crime himself.
On Sept. 23, blockchain safety platform Rip-off Sniffer reported that the attacker misplaced roughly 542 million UXLINK tokens, valued at greater than $50 million, to a phishing scheme executed by one other dangerous actor.
SlowMist co-founder Yu Xian steered the theft bore the hallmarks of Inferno Drainer, a infamous “draining-as-a-service” (DaaS) supplier recognized for promoting phishing kits and faux web sites.
Inferno Drainer’s involvement wouldn’t be totally stunning, contemplating the group is answerable for stealing a number of million {dollars} from unsuspecting crypto customers throughout a number of chains.
Contemplating this, Xian mocked the irony of the state of affairs, noting that the hacker fell for fundamental authorization traps much like these he had deployed towards UXLINK.
UXLINK hack
The unique UXLINK breach occurred on Sept. 22, when the AI-powered Web3 social platform was compromised.
Blockchain safety agency Cyvers reported that the breach started when an attacker executed a delegateCall operate to strip admin privileges and add themselves as an proprietor to the platform’s sensible contract.
This transfer allowed the theft of $4 million in USDT, $500,000 in USDC, 3.7 wrapped Bitcoin, and 25 ETH. The stolen stablecoins have been shortly swapped into DAI, whereas funds moved throughout the Ethereum and Arbitrum networks.
Hours later, a second handle acquired 10 million UXLINK tokens, value about $3 million, and commenced offloading them by means of decentralized exchanges.
By Sept. 23, the state of affairs had escalated additional. Blockchain analytics platform Lookonchain reported that the attacker minted 2 billion UXLINK tokens and bought massive quantities throughout bEXs and centralized exchanges, netting 6,732 ETH, roughly $28 million.
In response, UXLINK confirmed the exploit and moved to restrict the harm.
The staff acknowledged that it was working with exchanges to freeze stolen belongings. It additionally added that it has enlisted the assistance of blockchain safety agency PeckShield, and urged buying and selling platforms to droop UXLINK buying and selling pairs briefly.
It added:
“We are going to promptly provoke a token swap plan to make sure the integrity of our token financial system. Additional particulars and directions for the token swap might be introduced shortly.”
