UXLINK Hacker Loses $50 Million in Inferno Drainer Scam

• UXLINK hacker falls for phishing scam and loses $50 million
• Inferno Drainer blamed for attack
• UXLINK confirms exploit and prepares token swap

The attacker responsible for the UXLINK attack ended up falling victim to a phishing scheme. On September 23, Scam Sniffer reported that the hacker lost approximately 542 million UXLINK tokens, valued at over $50 million, after falling for a scam attributed to Inferno Drainer, a well-known "drain-as-a-service" (DaaS) provider.

🚨 ~41 minutes ago, the UXLINK exploiter address appears to have signed a malicious `increaseAllowance` approval to a phishing contract,
resulting in ~542M UXLINK being moved to phishing addresses.

Tx:

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 23, 2025

Yu Xian, co-founder of SlowMist, highlighted that the attack had all the hallmarks of Inferno Drainer, a group that sells phishing kits and operates fake websites. He ironically pointed out that the attacker was tricked by similar mechanisms to those used against UXLINK.

笑死了，UXLINK 黑客可能是被 Inferno Drainer 钓鱼了，盗来的大约 5.42 亿枚 $UXLINK 被 Hell Drainer 用普通授权钓鱼手法钓走了…

UXLINK 黑客授权给钓鱼团伙的 tx

被钓鱼团伙盗走的 tx

我就说怎么链上分析分析着越来越奇怪…

— Cos(余弦)😶‍🌫️ (@evilcos) September 23, 2025

The original UXLINK hack occurred on September 22nd, when the AI-powered Web3 social platform was compromised. Blockchain security firm Cyvers explained that the attack began with the execution of a delegateCall function, allowing the attacker to remove administrative privileges and assume ownership of the smart contract.

🚨ALERT🚨Our system has detected $11.3M in suspicious transactions involving @UXLINKofficial

An ETH address executed a delegateCall, removed the admin role, and called “addOwnerWithThreshold” before transferring $4M $ USDT , $500K $ USDC , 3.7 $WBTC , and 25 $ ETH .
All USDC/USDT were…

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 22, 2025

This movement enabled the theft of approximately $4 million in USDT, $500 in USDC, 25 ETH, and 3,7% of the wrapped Bitcoins. Some of the stablecoins were quickly converted to DAI, with the funds moving between Ethereum and Arbitrum.

A few hours later, another address linked to the attacker received 10 million UXLINK tokens, valued at $3 million, and began selling them on decentralized exchanges. The following day, Lookonchain revealed that the hacker minted 2 billion UXLINK tokens and sold large quantities on centralized exchanges and bEXs, raising 6.732 ETH, approximately $28 million.

UXLINK confirmed the exploit and said it was working with exchanges to freeze stolen assets. The team also contacted PeckShield for support and requested a temporary suspension of the token's trading pairs. In a statement, it said: "We will immediately initiate a token swap plan to ensure the integrity of our token economy. More details and instructions for the token swap will be announced soon."

The episode exposes both the vulnerability of the protocols and the risk that even experienced hackers can become victims of scams in a cryptocurrency market still marked by constant attacks.