The attacker responsible for the UXLink -Hack is still shuffling their loot, recently dumps millions of assets in an attempt to convert the revenue from the hack.
Summary
- The Uxlink -Hack continues to unfold while the attacker discharges about $ 6.8 million in ETH.
- In a turn, the attacker recently lost a large part of the stolen tokens to a phishing attack while they move assets.
- UXLINK has completed a new smart contract audit and is preparing for a token migration
The Uxlink -Hack has introduced a new chapter while the attacker continues to shake money that are stolen from the protocol. Per facts From trackers on the chain, the malicious actor has converted around 1,620 ETH into Dai Stablecoins in the early hours of today, with a value of approximately $ 6.8 million at the time of the transaction.
Almost 48 hours after the exploit, this transaction, marks the first major effort of the attacker to cash in the stolen assets. The hacker already had extensive shuffling funds, moving assets over multiple portfolios and used both centralized and decentralized exchanges to complicate the path and attempts.
In an interesting turn, the attacker has already lost a considerable part of the stolen funds on a phishing attack. Security researchers discovered that they had unconsciously approved a malignant contract that was checked by the Inferno Drainer Group, which means that 542 million UXLink -Tokens, at the time about $ 43 million worth their wallet.
The recently converted ETH only represents part of the stolen funds, whereby the attacker still keeps an estimated millions in various assets.
How the Uxlink -Hack happened
The Uxlink -Hack started on September 22 and went on for a few hours the next day. The core of the attack included an exploit of the multi-signature wallet of the project due to a delegate call vulnerability. This security error gave the attacker operator level access, making unauthorized transfers possible and the possibility to mint large amounts of fake tokens.
Within a few hours the attacker ran almost 10 trillion cruxlink -tokens on the Arbitrum -Blockchain and liquidated part of these tokens quickly for ETH, USDC and other assets, causing the liquidity to crash and topping with more than 70%crash.
The protocol reacted immediately and warned exchanges to freeze suspicious transactions and work together with security companies to trace and reduce further losses. However, these efforts have made little to compensate for the damage already caused.
UXLINK has since deployed emergency measures, including a token migration to a newly controlled smart contract with a covered delivery to prevent similar exploits. The audit was aimed at strengthening security and tightening controls around multisig portfolios and contract interactions.
The newest rounds of assets shuffling and conversions of the hacker make the hope of full recovery of the stolen funds, and it is still to be seen whether extra movements will occur in the short term.
