UXLINK has finalized a new smart contract audit as it prepares for a token migration following a recent exploit that allowed the hacker to mint tokens.
Summary
- UXLINK audit confirms new fixed-supply token contract.
- Hack on Sept. 22 drained $11.3M and minted billions in UXLINK tokens.
- Attacker later fell victim to phishing attack, losing 542M UXLINK tokens.
UXLINK has passed a security audit for its redesigned token contract and is preparing for a migration following a multi-sig breach that drained millions and led to mass unauthorized minting.
The UXLINK (UXLINK) team posted the update on X on Sept. 24, stating that the new Ethereum (ETH) contract had passed its audit and would be deployed on the mainnet as part of an emergency token-swap plan.
The team said it has removed the mint–burn function, will keep the UXLINK ticker for continuity, and is submitting migration details to centralized exchanges. It also plans to respond to an inquiry by Korea’s Digital Asset eXchange Association today.
Security Notice – Update 5
We would like to share the latest progress on the UXLINK token migration:
1. The new UXLINK smart contract has successfully passed its security audit.
2. The contract will be deployed on the Ethereum mainnet. The contract dropped the mint-burn…
— UXLINK (@UXLINKofficial) September 24, 2025
What the audit fixes and how the migration will work
The audited contract sets a fixed supply and drops on-chain minting to prevent repeat exploits. UXLINK said cross-chain interoperability will rely on partner services rather than a native mint function.
The migration plan is meant to realign supply with the project’s whitepaper and to restore confidence after the compromise. Centralized exchanges have been briefed and most have pledged support or temporary suspensions while the swap is coordinated.
More on UXLINK exploit
On Sept. 22 attackers used a “delegateCall” vulnerability to seize admin rights over UXLINK’s multi-signature wallet. That allowed transfers of roughly $11.3 million in assets, including stablecoins, ETH, and WBTC, and enabled the attacker to mint between 1 and 2 billion UXLINK tokens on Arbitrum.
About 490 million of those tokens were dumped on decentralized exchanges, bridged to Ethereum, and swapped for roughly 6,732 ETH, according to chain analysis. The minting and sell-off pushed UXLINK down more than 70%, from about $0.30 to roughly $0.09.
Security firms and exchanges moved quickly. PeckShield joined the probe, and major CEXs including Upbit froze suspect deposits, limiting further laundering. Law enforcement has been notified and recovery procedures are active.
UXLINK attacker falls victim to phishing scam
In an unexpected twist, the attacker was later phished. ScamSniffer and on-chain investigators flagged a subsequent approval-based drain that moved roughly 542 million UXLINK to phishing wallets tied to the Inferno Drainer network. One large transfer totaled 433,583,532 UXLINK.
That siphon reduced the exploiter’s usable holdings, though the attacker still realized substantial proceeds.
UXLINK says frozen addresses are under recovery procedures and that community losses will be handled with transparency and compensation. The audited contract and migration are the next steps in that effort. The team urged users to follow only official channels for migration instructions.
