The incident highlights that no one, not even experienced hackers, is immune to the threat of phishing in the crypto space.
The drama surrounding the recent UXLink hack has taken a surprising turn. The hacker, who stole millions in UXLink tokens during a major security breach, has reportedly become the target of a phishing scam. On-chain data shows that about 542 million UXLink tokens. Which worth tens of millions of dollars, were drained from the exploiter’s wallet. After they approved access to a malicious contract. The saga started when UXLink announced that its multi-signature wallet had been compromised. Large amounts of crypto were illicitly transferred to centralized exchanges (CEXs) and decentralized exchanges (DEXs).
The company quickly reached out to exchanges, law enforcement and blockchain security experts to freeze suspicious deposits and track the funds. But what followed has left the crypto community stunned and amused. Blockchain security analysts discovered that the hacker responsible for draining UXLink’s wallet accidentally approved a phishing contract. The approval gave attackers the ability to drain their stolen funds using a simple increase Allowance trick. According to Scam Sniffer, a Web3 security firm, the exploiter signed the approval just before the tokens were siphoned out. The funds were then moved into phishing addresses connected to the group known as Inferno Drainer.
The phishing method used in this case is not new. Attackers create fake contracts designed to appear legitimate. When a victim interacts with the contract. They unknowingly grant permission for the attacker to move tokens from their wallet. In this situation, the UXLink hacker likely believed they were moving funds to safety or swapping them. Instead, they handed control of their tokens to a phishing address. Within minutes, hundreds of millions of UXLink tokens were drained. Leaving the hacker empty-handed.
On-chain records show two major transfers from the exploiter’s address:
Together, these transfers totaled more than 542 million tokens.
The crypto community has reacted with disbelief and humor. Security researcher Cos, known for uncovering phishing attacks, called the situation “hilarious.” Noting that even hackers are not safe from the tricks they often exploit themselves. Many in the community joked that it was “karma” at work. While the loss of funds is serious. The irony has made this one of the most talked about incidents in recent crypto security news. The episode also highlights the sheer scale of phishing threats in Web3. Even someone who carried out a sophisticated multi-signature wallet exploit fell victim to a common attack vector.
UXLink has been working non-stop to contain the original breach. In an urgent security notice, the team confirmed they are coordinating with security experts. The exchanges are to track stolen funds and freeze suspicious activity. The company has also reported the incident to the police and regulators. The unexpected phishing of the exploiter adds a twist. But it does not resolve the original crisis for UXLink or its community. The breach still represents a massive loss of funds and a major blow to user confidence. UXLink says it remains committed to transparency and will continue providing updates as the investigation progresses.
This incident underscores several important lessons for the crypto world:
The UXLink hack was already one of the more significant breaches in recent months. It involves large-scale theft and urgent responses from the project and exchanges. But the hacker’s downfall to a phishing group has turned the story into something few could have predicted. While the UXLink community continues to face uncertainty. The broader crypto industry is left with a strange reminder: in the world of decentralized finance, even the thieves can get robbed.
