In an ongoing attack this morning, Web3 platform UXLINK said that criminals had stolen “a significant amount of cryptocurrency.” Later, it added that the attackers are now minting billions of their namesake native token, which crashed 70% today.
On Monday evening, the team said they identified that their multi-signature wallet was breached, and the funds were transferred to both centralized and decentralized crypto exchanges. Later, they revealed that “a large portion of the stolen assets has already been frozen.”
However, in subsequent updates this morning, UXLINK confirmed the attackers are “continuously conducting unauthorized minting of UXLINK tokens,” meaning that the criminals are creating tokens out of thin air.
According to blockchain security specialist PeckShield, at least 2 billion tokens were minted, worth around $183 million at the time of writing.
The Web3 platform’s team said they are reaching out to centralized exchanges to temporarily suspend trading of their token. At the time of writing, the price of UXLINK is down 70% in a day.
While the exact scope of the attack is unknown, crypto security experts provided different numbers.
For example, @officer_cia and Cyvers detected $11.3 million in “suspicious transactions” in stablecoins, wrapped bitcoin (WBTC) (a tokenized version of bitcoin), and ethereum (ETH), though this number was later raised to $15 million. Researchers at CertiK put the figure above $21.7 million.
Meanwhile, Scam Sniffer found “the UXLINK exploiter address appears to have signed a malicious increaseAllowance approval to a phishing contract, resulting in ~542M UXLINK being moved to phishing addresses.”
The UXLINK team was also criticized by security expert and researcher Taylor Monahan from the most popular ETH wallet, MetaMask, for failing to contain the attack.
“The hackers went to bed and got a good night’s sleep and then came back for a late start and were like ‘hmmm what else can we do seeing as the team has done NOTHING in the last 10+ hours,'” she said.
However, it seems that the hackers themselves might have been attacked.
Analysts at Lookonchain found that “the hacker who attacked $UXLINK was targeted by a phishing attack and lost 542M $UXLINK ($48M).” No other details have been provided.
