Skip to content
Active Currencies: 17,345
Market Cap: $2.259T
Bitcoin Dominance: 55.63%
24h Market Cap Change: $0.13

Why the UXLINK hacker’s 14,336 ETH transfers raise fresh questions for DeFi

Despite two distinct on-chain events, DeFi's structural gap remains unchanged.jac

UXLINK exploit and Mining express exploit attackers are now laundering funds

Recent on‑chain activity shows the UXLINK exploiter actively laundering stolen funds to make them harder to trace.

For background, the UXLINK exploit occurred in September 2025. At the time, the hackers took over the project’s multisignature wallet by taking advantage of a ‘delegateCall’ vulnerability.

They created billions of illegal UXLINK tokens, draining about $4.5 million in cryptocurrency assets. The stolen money was then transferred between several wallets and exchanged for DAI (a stablecoin that is pegged to the U.S. dollar) and Ethereum [ETH]. 

UXLINK exploiter launders stolen funds

After the attack, the hacker exchanged the remaining DAI tokens for about 6,000.8 ETH.

UXLINK exploiter
Source: PeckShieldAlert/X

Following which, the exploiter immediately deposited 6,038 ETH into Tornado Cash following the swap. In fact, in the past two weeks, the attacker has deposited 14,336.6 ETH into Tornado Cash. 

Most recently, the attacker laundered stolen assets by converting millions of DAI into ETH and depositing more than $8.1 million worth of ETH into Tornado Cash.

Mining Express faces a similar issue

At the same time, wallets associated with the defunct Mining Express scheme appear to be reallocating long-held assets. The wallet linked to the purported Ponzi scheme changed its holdings into a more liquid stablecoin by exchanging 5,004 ETH for 8.8 million DAI.

For context, Kaze Fuziyama founded Mining Express in 2019. Back then the company allegedly deceived investors with an MLM-based cryptocurrency mining scheme. Soon after that, the company went bankrupt, which pushed the Ukrainian authorities for further investigation in 2022. 

defunct Mining Express scheme
Source: Specter/X

After receiving 4,512 ETH in 2024, the associated wallet staked funds via Lido and Ether.fi before fully unstaking them in May 2026. More recently, about $5.1 million of the $7.5 million was moved to Tornado Cash following the exploitation of the Jaredfromsubway.eth MEV bot. 

Where is the gap?

It’s evident that although the ecosystem facilitates smooth, permissionless asset transfers, it still lacks efficient systems to stop or deal with illegal funds once they are in motion. In fact, once illegal funds are in the DeFi ecosystem, it is still relatively easy to move and hide them. 

Therefore, to safeguard decentralization and user privacy, protocols must strengthen cross‑network coordination and implement real‑time threat detection. 


Final Summary

  • The UXLINK reportedly swapped the remaining 10.54 million DAI for 6,000.8 ETH, and a wallet linked to Mining Express swapped 5,004 ETH for 8.8 million DAI.
  • These, along with other exploits and money laundering, reveal a significant crack in the DeFi ecosystem. 
Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Ishika Kumari

Journalist

Ishika Kumari is a Crypto Analyst at AMBCrypto, specializing in regulatory developments, market dynamics, and blockchain’s real-world impact. She breaks down complex protocols and legislation into practical, easy-to-understand insights.

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.