UXLINK released a complete security review report on the 9·22 asset theft incident

UXLINK CEO Rolland Saf recently published a security incident review report, systematically explaining the asset theft that occurred on September 22, and emphasizing that the incident was neither an internal malicious act by the project team nor a case of 'running away'.

Event Review

The report disclosed that the attack did not stem from vulnerabilities in the contract itself, but was a long-term, organized social engineering attack. The attacker gradually breached the personal devices of several SAFE authorized key holders over several months by disguising as business partners and using **deepfake video conferencing** techniques, stealing sensitive information such as passwords and private keys.

After gaining the relevant permissions, the hackers took control of the old arb-UXLINK smart contract, subsequently illegally issued tokens, and transferred and sold assets, resulting in total losses exceeding 11 million dollars.

Emergency Response and Handling

The incident occurred during the Korea Blockchain Week, with many core members present on-site.

The team acted quickly:

• Coordinated with multiple exchanges

• Notified cooperating security agencies

• Reported to law enforcement agencies in multiple countries

And quickly confirmed:

👉 The attack came from an external hacker organization and not from internal personnel.

Rolland Saf stated that the stolen assets mainly included mainstream assets such as USDT, ETH, and BTC, some of which have been recovered with the help of exchanges and are intended for future repurchase and follow-up processing.