UXLINK attacker transformed 1,620 ETH into 6.73m DAI on September 24.
The transaction occurred almost 48 hours after the preliminary exploit.
Inferno Drainer phishing rip-off drained 542m UXLINK tokens price $43m.
The UXLINK hack has taken one other sudden flip because the attacker behind the exploit continues to shuffle stolen belongings in an try and money out.
On-chain trackers present that within the early hours of September 24, the hacker transformed 1,620 ETH into DAI stablecoins, valued at round $6.8 million.
The motion got here almost 48 hours after the preliminary exploit and was the primary main conversion of stolen funds.
Nonetheless, investigators additionally found that the attacker had already misplaced a big a part of their loot to a phishing rip-off, including an uncommon twist to one of many largest exploits in latest months.
Attacker converts ETH to stablecoins
Blockchain information revealed that the attacker swapped 1,620 ETH for six.73 million DAI on September 24.
This marked the primary important try to remodel the stolen tokens into steady belongings.
Earlier than this transaction, the hacker had engaged in heavy fund shuffling throughout a number of wallets.
These actions used a mixture of decentralised and centralised exchanges, a standard laundering tactic to obscure the path.
The fund motion was flagged by on-chain monitoring accounts, together with Lookonchain, which confirmed the ETH-to-DAI swap.
The exercise means that the attacker could also be testing liquidity and off-ramping methods regardless of heightened surveillance from exchanges and safety corporations.
Phishing drains $43 million in UXLINK tokens
In a shocking twist, the attacker’s personal safety misstep led to a further loss.
Investigators discovered that the hacker interacted with a malicious contract linked to the Inferno Drainer phishing group.
This error allowed 542 million UXLINK tokens, price roughly $43 million on the time, to be drained instantly from the attacker’s pockets.
For UXLINK, it has created a state of affairs the place a considerable a part of the stolen tokens is now within the fingers of a separate malicious actor.
How the exploit unfolded
The hack started on September 22 and prolonged into the next day.
In keeping with safety researchers, the foundation of the exploit was a delegate name vulnerability inside UXLINK’s multi-sig pockets.
This flaw gave the attacker administrator-level entry, enabling them to switch belongings with out approval and mint pretend tokens.
The attacker minted near 10 trillion CRUXLINK tokens on the Arbitrum blockchain.
They shortly liquidated a portion into ETH, USDC, and different belongings, draining liquidity swimming pools and inflicting the token worth to break down by greater than 70%.
The speedy influence worn out hundreds of thousands in market worth.
In response, UXLINK contacted main exchanges to freeze suspicious transfers and partnered with safety corporations to hint transactions.
Nonetheless, a lot of the harm had already been completed by the point these measures had been applied.
Protocol response and restoration efforts
UXLINK has since launched emergency measures aimed toward rebuilding safety and market belief.
The group migrated to a newly audited sensible contract that included a capped provide to cut back the chance of limitless token minting.
The audit strengthened safeguards round multi-signature wallets and contract interactions.
Regardless of these actions, the hacker continues to carry hundreds of thousands in belongings, and the latest ETH-to-DAI swap provides new complexity to monitoring restoration.
The extra phishing loss additional complicates issues, leaving uncertainty over how a lot of the unique stolen funds can ever be recovered.
With stolen belongings unfold throughout a number of chains, wallets, and malicious actors, restoration prospects stay restricted.
