UXLink exploit returns as attacker sends $8.1M ETH to Tornado Cash
How is the UXLink attacker able to launch millions of dollars in stolen funds after nine months?
UXLink, a Web 3 social network that was targeted in September 2025, is making headlines once again. According to Specter, an on-chain investigator, the attacker responsible for the UXLink exploit has started relocating the stolen assets.
To obfuscate transaction trails, the wrongdoer converted some of the stolen DAI stablecoins into Ethereum [ETH]. Going forward, the illicit actor then deposited roughly $8.1 million worth of ETH into Tornado Cash.
Funds laundered
According to the investigator, 46 distinct deposits of 100 ETH each were made as part of the laundering process.
For those unaware, this is a common strategy to conflate illegal funds with legal transactions and make blockchain tracing more difficult.
With this most recent action, the attacker has now reportedly laundered a total of $19.1 million in stolen assets.
However, the fact that the exploiter still has control over about $16 million in funds despite these transfers raises the possibility of further laundering.
How was UXLink attacked?
Well, back in September 2025 the exploiter had made over $800 billion, or 9 trillion $UXLINK. Interestingly, even hours after the original exploit, the hacker kept their access and kept minting more tokens.
The exploiter then started moving the proceeds to centralized exchanges and offloading the fraudulent tokens through decentralized exchanges. This in turn resulted in the depletion of Uniswap’s liquidity.
Notably, the attacker did not stop there, and signed a malicious transaction and lost 542 million UXLINK tokens to another malicious actor—often referred to as “theft stolen from theft.”
Even with this setback, the main exploiter still held about 900 million UXLINK tokens, putting a sizable portion of compromised assets in the hands of malicious actors.
What’s more?
This coincded with ETH declining by 1.01% over the previous day to trade at $1,745.11 at press time.
In addition, on the 12th of June Humanity Protocol reported a targeted phishing attack against one of its directors.
This had resulted in the attacker using administrative credentials that were stolen to upgrade contracts, transfer tokens across Ethereum, and mint new $H tokens on the BNB Smart Chain.
Furthermore, on the 15th of June, a suspicious transaction involving the depletion of assets valued at approximately $2.19 million occurred in Aztec Network’s Router contract.
Final Summary
- From September 2025 to the present time, the attackers have reportedly laundered a total of $19.1 million in stolen assets from the UXLink exploit.
- Back then, the exploiter had made over 9 trillion $UXLINK, kept their access, and kept minting more tokens.
