Updated as of September 23, 2025, 12:00 PM
A major security incident is currently unfolding at UXLINK, a prominent Web3 social infrastructure project, as hackers have successfully compromised the platform's multi-signature wallet system. The attack, which began in the early hours of today, has sent shockwaves through the cryptocurrency community.
The Attack Details
According to security firm Cyvers Alerts, attackers exploited UXLINK's Ethereum addresses using delegateCall functions to remove administrator privileges, then called "addOwnerWithThreshold" to gain complete wallet control. The breach resulted in substantial losses: approximately $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH being transferred to attacker-controlled addresses.
The scope extends beyond initial transfers. Attackers obtained an additional 10 million UXLINK tokens valued at approximately $3 million, with portions already liquidated through various exchanges while $2.2 million worth remains unconverted. All stolen USDC and USDT on Ethereum were systematically converted to DAI, while USDT on Arbitrum was exchanged for ETH and bridged back to Ethereum, demonstrating sophisticated money laundering techniques designed to obscure transaction trails.
Market Impact and Response
The security incident has devastated UXLINK's market valuation. The token price collapsed from $0.30 to $0.074, representing a catastrophic 75% decline within just a few hours. Trading volumes surged as investors rushed to exit positions amid uncertainty about the breach's full scope.
Price data sourced from CoinMarketCap
UXLINK's team is currently working to contain the situation, immediately contacting major cryptocurrency exchanges to freeze suspicious deposits and coordinating with blockchain security firms to trace the stolen funds. The team is also collaborating with law enforcement agencies as investigations continue.
Technical Analysis: How MPC Technology Could Help
The UXLINK incident highlights critical vulnerabilities in traditional multi-signature wallet architectures. This attack exploited smart contract governance mechanisms rather than conventional private key compromises, representing an evolution in attack sophistication.
Multi-Party Computation (MPC) technology, as implemented by companies like Cregis, offers a fundamentally different security approach. Unlike traditional multi-signature systems that store complete private keys across multiple locations, MPC fragments cryptographic keys into encrypted shards distributed across multiple secure devices.
The security advantages of MPC become particularly relevant when considering this attack scenario. In an MPC framework, devices possessing specific key fragments have signing authority, meaning that compromising smart contract functions or gaining partial infrastructure access alone would be insufficient to complete unauthorized transactions. Attackers would need simultaneous access to distributed fragments across multiple independent devices, making attacks like the UXLINK incident significantly more difficult to execute.
However, it's crucial to understand that no security system provides complete immunity against sophisticated attacks. MPC technology helps reduce certain attack vectors and raises the bar for potential breaches, but must be implemented as part of comprehensive security strategies including proper deployment, continuous monitoring, and regular security assessments.
Industry Implications
This incident underscores the cryptocurrency industry's need to continually evaluate and improve security measures. While immediate focus remains on damage containment and user protection, this event reminds the entire ecosystem to assess current security practices against evolving threat landscapes.
Projects and institutions managing significant cryptocurrency assets should critically examine whether their security approaches adequately address sophisticated attack methods. The rapid development of this breach demonstrates how quickly situations can deteriorate, emphasizing the importance of implementing robust security infrastructure proactively.
Advanced solutions like MPC represent potential improvements over existing systems, though they should be evaluated as part of comprehensive security strategies rather than standalone solutions.
This is a developing story with updates to follow as the situation progresses.
About Cregis
Founded in 2017, Cregis is a global leader in enterprise-grade digital asset infrastructure, providing secure, scalable and efficient management solutions for institutional clients.
Built to solve the challenges of fragmented blockchain systems and asset security risks, Cregis delivers MPC-based self-custody wallets, WaaS solutions, and Payment Engine, featuring collaborative asset control and a compliance-ready ecosystem.
To date, Cregis has served over 3,500 institutional clients globally. Our solutions empower exchanges, fintech platforms, and Web3 enterprises to adopt blockchain technology with confidence. Backed by years of proven expertise in blockchain and security, Cregis helps businesses accelerate their Web3 transformation and unlock global digital asset opportunities.
