UXLink hack shows risks of centralized control in DeFi projects

Timothy Wuich

UXLink Deploys New Ethereum Contract After Multisignature Wallet Exploit

On Wednesday, decentralized social platform UXLink revealed its plans to deploy a new Ethereum contract. This decision came after a multisignature wallet exploit enabled attackers to mint billions of unauthorized tokens, causing a dramatic decline in the value of its native asset.

Details of the Security Breach

According to UXLink, the newly developed smart contract has successfully passed a security audit and will soon be launched on the Ethereum mainnet. The project has opted to eliminate the mint-burn function in an effort to avert similar incidents in the future.

Confirming the breach on Tuesday, UXLink stated that a significant amount of cryptocurrency had been moved to exchanges. Estimates of the losses vary: Cyvers Alerts reported at least $11 million in stolen assets, while Hacken put the figure above $30 million.

This incident has exposed vulnerabilities within smart contract security that projects need to address. Marwan Hachem, co-founder and CEO of the Web3 security firm FearsOff, mentioned that the incident emphasized the dangers of proceeding without adequate security measures.

The attackers gained access to UXLink’s smart contract through a breach in the multisignature wallet, leading to the initial minting of 2 billion UXLINK tokens. As minting continued, the token’s price plummeted by 90%, falling from $0.33 to $0.033, with security firm Hacken estimating that nearly 10 trillion tokens were created.

Hachem explained that the UXLink breach stemmed from a delegate call vulnerability in their multisignature wallet. This flaw allowed the hacker to execute arbitrary code, seizing administrative control over the contract. This ultimately resulted in the unauthorized minting of tokens.

“This incident really highlights some design flaws in UXLink’s structure,” Hachem stated. “A multisignature wallet that wasn’t adequately protected against delegate call exploits, insufficient controls on who could mint, and a lack of built-in code to enforce the supply cap all contributed to the issue.”

He further elaborated that this situation illustrates the dangers of maintaining excessive centralized control in projects that portray themselves as decentralized.

From a technical perspective, Hachem asserted that the UXLink hack could have been averted with several standard safeguards.

  • Implementing timelocks on sensitive actions, such as minting new tokens or altering contract ownership. “A delay of 24 to 48 hours allows the community to identify any unusual activities before they are executed,” Hachem noted.
  • Renouncing minting privileges once the tokens are launched, preventing even insiders from creating additional tokens. Hachem emphasized that hard-coding supply caps directly into smart contracts would eliminate the risk of new tokens being minted.
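As an added illustration (not UXLink's contract), the following minimal Solidity token bakes in the three safeguards listed above: a supply cap that is a compile-time constant with no setter, a minter role that can be renounced, and a two-step timelock on every mint. The contract name, the cap value and the 48-hour delay are assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/// Illustrative token (not UXLink's code): hard-coded supply cap, a minter role that can be
/// renounced, and a 48-hour timelock between announcing a mint and executing it.
contract CappedTimelockToken {
    uint256 public constant MAX_SUPPLY = 1_000_000_000 * 1e18; // fixed at deploy, no setter exists
    uint256 public constant MINT_DELAY = 48 hours;               // assumed delay, per the 24-48h advice

    uint256 public totalSupply;
    address public minter; // address(0) once renounced
    mapping(address => uint256) public balanceOf;
    mapping(bytes32 => uint256) public queuedMints; // mint id => earliest execution timestamp
    uint256 public mintNonce;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event MintQueued(bytes32 indexed id, address to, uint256 amount, uint256 executeAfter);
    event MinterRenounced();

    modifier onlyMinter() { require(msg.sender == minter, "not minter"); _; }
    constructor() { minter = msg.sender; }

    /// Step 1: announce the mint. Nothing is created yet, so the community has MINT_DELAY to react.
    function queueMint(address to, uint256 amount) external onlyMinter returns (bytes32 id) {
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        id = keccak256(abi.encode(to, amount, mintNonce++));
        queuedMints[id] = block.timestamp + MINT_DELAY;
        emit MintQueued(id, to, amount, queuedMints[id]);
    }

    /// Step 2: execute after the delay. The cap is re-checked here, and the id binds the
    /// parameters, so a queued mint cannot be executed with a different recipient or amount.
    function executeMint(bytes32 id, address to, uint256 amount, uint256 nonce) external onlyMinter {
        uint256 eta = queuedMints[id];
        require(eta != 0 && block.timestamp >= eta, "not ready");
        require(id == keccak256(abi.encode(to, amount, nonce)), "parameters do not match id");
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        delete queuedMints[id];
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    /// Permanently gives up minting. Because executeMint is onlyMinter, queued mints also
    /// become unexecutable, so a compromised signer cannot drain a pending queue afterwards.
    function renounceMinter() external onlyMinter {
        minter = address(0);
        emit MinterRenounced();
    }
}
```

The MintQueued event is what an off-chain watcher or the community would monitor during the delay window; a mint that arrives without a preceding MintQueued event is impossible by construction.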

On the operational front, Hachem underscored the necessity of independent reviews and continuous transparency.

“You can’t just audit the token contract. The multisig setup needs thorough examination as well,” he said, stressing the need for projects to publicize wallet addresses and require multiple signatures for every transaction.

The overarching lesson, according to Hachem, is that even widely utilized tools like multisig wallets should not be assumed to be infallible. He advocated for a push towards more decentralized governance and the inclusion of emergency stops for critical operations.

“UXLink’s incident underlines that rushing forward without maintaining solid and continuous security can erode community trust. It is far better to reinforce defenses from the outset,” Hachem remarked.
