The UXLINK hack has taken an unexpected twist after the exploiter themselves fell victim to a phishing scam, losing over 542 million tokens to the notorious Inferno Drainer group.
Summary
- Blockchain security firm ScamSniffer flagged that the exploiter signed a malicious
increaseAllowanceapproval, enabling phishing addresses to drain more than $43M in UXLINK tokens. - SlowMist founder Yu Xian said the theft was likely carried out by Inferno Drainer using ordinary authorization phishing methods.
- The incident compounds UXLINK’s ongoing crisis, following a $11.3M multi-sig breach and continued unauthorized token minting, with the project now preparing a token swap to restore integrity.
The UXLINK saga took an unexpected turn as the exploiter’s wallet was targeted in a phishing attack. Approximately 542 million UXLINK tokens were siphoned after the address signed a malicious increaseAllowance transaction, blockchain security platform ScamSniffer reported on Tuesday.
According to on-chain data, the suspicious approval was executed around noon UTC, allowing a phishing contract to drain more than $43 million at market prices, scattered across multiple addresses that investigators have already tagged as malicious.
According to Yu Xian, founder of SlowMist, the exploiter likely fell victim to the well-known phishing group Inferno Drainer. In a post on X, Yu said that “the approximately 542 million UXLINK tokens stolen earlier may have been phished away by the Inferno Drainer using ordinary authorization phishing methods.”
The UXLINK fallout
This latest incident follows a multi-sig wallet breach disclosed on Sept. 22, when attackers exploited a delegateCall vulnerability to seize administrator rights. That attack saw $11.3 million in assets — including ETH, WBTC, and stablecoins — rerouted through Ethereum and Arbitrum. Since then, the exploiter address has continued unauthorized minting of billions of UXLINK tokens and selling them on DEXs and bridging proceeds into ETH.
The project’s token price has plummeted more than 70% since the breach, wiping out nearly $70 million in market value. In response, UXLINK has confirmed plans for a token swap to restore supply integrity and is working with centralized exchanges to suspend deposits and freeze suspicious wallets.
Whether the token swap can fully repair trust in the ecosystem remains to be seen, but today’s phishing exploit highlights a broader vulnerability in crisis situations: once a wallet is compromised, attackers often exploit secondary approvals and allowances to extract even more value.
