UXLINK passes smart contract audit ahead of token migration

UXLINK has finalized a new smart contract audit as it prepares for a token migration following a recent exploit that allowed the hacker to mint tokens.

UXLINK has passed a security audit for its redesigned token contract and is preparing for a migration following a multi-sig breach that drained millions and led to mass unauthorized minting.

The UXLINK (UXLINK) team posted the update on X on Sept. 24, stating that the new Ethereum (ETH) contract had passed its audit and would be deployed on the mainnet as part of an emergency token-swap plan.

The team said it has removed the mint–burn function, will keep the UXLINK ticker for continuity, and is submitting migration details to centralized exchanges. It also plans to respond to an inquiry by Korea’s Digital Asset eXchange Association today.

What the audit fixes and how the migration will work

The audited contract sets a fixed supply and drops on-chain minting to prevent repeat exploits. UXLINK said cross-chain interoperability will rely on partner services rather than a native mint function.

The migration plan is meant to realign supply with the project’s whitepaper and to restore confidence after the compromise. Centralized exchanges have been briefed and most have pledged support or temporary suspensions while the swap is coordinated.

More on UXLINK exploit

On Sept. 22 attackers used a “delegateCall” vulnerability to seize admin rights over UXLINK’s multi-signature wallet. That allowed transfers of roughly $11.3 million in assets, including stablecoins, ETH, and WBTC, and enabled the attacker to mint between 1 and 2 billion UXLINK tokens on Arbitrum.

About 490 million of those tokens were dumped on decentralized exchanges, bridged to Ethereum, and swapped for roughly 6,732 ETH, according to chain analysis. The minting and sell-off pushed UXLINK down more than 70%, from about $0.30 to roughly $0.09.

Security firms and exchanges moved quickly. PeckShield joined the probe, and major CEXs including Upbit froze suspect deposits, limiting further laundering. Law enforcement has been notified and recovery procedures are active.

UXLINK attacker falls victim to phishing scam

In an unexpected twist, the attacker was later phished. ScamSniffer and on-chain investigators flagged a subsequent approval-based drain that moved roughly 542 million UXLINK to phishing wallets tied to the Inferno Drainer network. One large transfer totaled 433,583,532 UXLINK.

That siphon reduced the exploiter’s usable holdings, though the attacker still realized substantial proceeds.

UXLINK says frozen addresses are under recovery procedures and that community losses will be handled with transparency and compensation. The audited contract and migration are the next steps in that effort. The team urged users to follow only official channels for migration instructions.