UXLINK: Admin key compromise → delegateCall admin takeover + unauthorized infinite token minting

An attacker seized UXLINK's multisig via delegateCall, drained $18M from the treasury, minted 10 trillion unauthorized tokens for another $23M — then got phished themselves by Inferno Drainer.

Occurred 2025-09-22 Loss $41M Status closed

Summary #

UXLINK suffered a Web3 Social / Treasury on 2025-09-22, resulting in a loss of approximately $41M.

What happened #

An attacker seized UXLINK's multisig via delegateCall, drained $18M from the treasury, minted 10 trillion unauthorized tokens for another $23M — then got phished themselves by Inferno Drainer.

Linked factors #

RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — delegateCall used to remove admins and install attacker as new owner]