UXLINK

Hacked

DeFi · $UXLINK · born 2023 · ✝ 2025

A delegatecall slip handed the keys to the attacker.

UXLINK was a Web3 social platform whose multisig was compromised in 2025 across Ethereum and Arbitrum. The attacker exploited a delegatecall vulnerability to seize control and drain assets.

Peak: ~$11.3M stolen
Cause: Hacked
Year of death: 2025

☠️ Cause of death

A delegatecall exploit let the attacker take over privileged contract execution and drain funds from the project's wallets.

📓 Lessons left behind

—Delegatecall hands your storage to another contract, gate it tightly.
—Multisig setups still fail if the contract logic is exploitable.
—Audit every privileged proxy and admin call path.

🌱 The idea that survived

Restricted delegatecall

Reinforced the need to strictly constrain and audit delegatecall targets in privileged contracts.

#defi#delegatecall#multisig#logic-bug