Multisignature wallet breach triggers massive token minting and $30M+ losses
Decentralized finance (DeFi) platform UXLink suffered a major exploit this week, after attackers gained control of its multisignature wallet and minted billions of unauthorized tokens. The incident caused the price of its native asset to collapse by more than 90%, raising questions about centralization risks in supposedly decentralized ecosystems.
How the exploit unfolded
According to blockchain security firms, the attackers exploited a delegate call vulnerability in UXLink’s multisignature wallet. This flaw allowed them to assume administrative control of the smart contract and mint nearly 10 trillion tokens. The token’s price plummeted from $0.33 to $0.033, wiping out most of its market value.
Estimates of the losses vary, with some placing the damage at around $11 million, while others suggest the figure exceeded $30 million. UXLink confirmed that a significant amount of the stolen tokens had been transferred to exchanges.
Experts warn of design flaws
“This really spotlights some design flaws in UXLink’s setup,” said Marwan Hachem, co-founder of a Web3 security firm. “A multisignature wallet that wasn’t properly shielded from delegate call exploits, lax controls on who could mint, and no built-in code to enforce the supply cap.”
Hachem added that incidents like this show how risky it is to “keep too much centralized control in projects that claim to be decentralized.”
Security measures that could have helped
Experts argue that the breach could have been avoided with standard safeguards, including:
- Timelocks on sensitive actions, providing a 24–48 hour delay for community review.
- Hardcoded supply caps to prevent unlimited token minting.
- Renouncing minting privileges once tokens are launched.
- Independent audits not just for token contracts, but also for multisignature wallet setups.
“You can’t just audit the token contract. The multisig setup needs scrutiny too,” Hachem explained, urging projects to adopt more transparent governance and require multiple signers for every transaction.
The UXLink hack highlights the fragility of security in DeFi when centralized points of failure exist. Experts stress that even widely used tools like multisignature wallets are not foolproof without layered defenses.
As Hachem summarized, “Rushing ahead without solid and ongoing security can shatter community confidence. It’s better to build stronger protections from the start.”
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.