Yesterday, a hack hit Japanese “AI-powered web3 social platform and infrastructure” UXLINK, initially draining $11 million worth of crypto from the project’s multi-signature wallets.
The hack was flagged by blockchain security firm Cyvers before being acknowledged by UXLINK around an hour later.
Cyvers noted the change of ownership and the loss of ether, bitcoin, stablecoins USDC and USDT, and UXLINK tokens.
In a later update, the UXLINK team notified users that their token contract had also been compromised, and freshly-minted UXLINK tokens flooded into the attacker’s addresses.
Nearly 12 hours passed between the initial compromise and the attacker minting a billion UXLINK.
As other security researchers looked into the transactions, more losses were uncovered, with tokens worth over $40 million (excluding UXLINK) reportedly sitting in hacker-controlled addresses.
The UXLINK tokens had a theoretical value in the hundreds of millions of dollars when minted. It had been trading around $0.32 pre-hack, but crashed as the hacker sold tokens and depleted liquidity.
According to CoinMarketCap data, it’s down 99.99%, worth fractions of a cent.
Things get weird
With all eyes on the hacker’s addresses, many were surprised to see a (presumably) security-aware individual fall for one of the oldest tricks in the book.
Clearly in a hurry to dump UXLINK tokens, the hacker first depleted liquidity on Uniswap before looking for a new venue to sell. Moving to CoW Swap, they appear to have clicked a bad link and “signed a malicious ‘increaseAllowance’ approval to a phishing contract.”
500 million tokens, with a purported value of $42 million at the time, were lost.
Undeterred, however, the hacker simply moved to mint more tokens and continue dumping, within minutes.
Neither the phishing scammer, nor the drainer provider (which took its 20% cut) were able to liquidate the hacker’s UXLINK.