Why the UXLINK hacker’s 14,336 ETH transfers raise fresh questions for DeFi

ambcryptoPublished on 2026-07-05Last updated on 2026-07-05

Abstract

Recent on-chain activity reveals the UXLINK exploiter is actively laundering stolen funds, complicating tracing efforts. The September 2025 hack, which exploited a 'delegateCall' vulnerability to steal roughly $4.5 million, involved converting illicit assets into DAI and Ethereum. Recently, the attacker swapped over 10 million DAI for approximately 6,000.8 ETH and has deposited a total of 14,336.6 ETH into the privacy mixer Tornado Cash in recent weeks, including over $8.1 million worth in a single move. Simultaneously, wallets connected to the defunct Mining Express Ponzi scheme have been converting long-held assets, swapping 5,004 ETH for 8.8 million DAI. Following a separate exploit of the Jaredfromsubway.eth MEV bot, about $5.1 million was also routed to Tornado Cash. These incidents underscore a critical vulnerability in DeFi: while enabling permissionless transfers, the ecosystem lacks effective mechanisms to halt or manage illicit funds once in motion, allowing them to be moved and concealed relatively easily. This highlights the need for strengthened cross-network coordination and real-time threat detection to better safeguard the space.

Recent on‐chain activity shows the UXLINK exploiter actively laundering stolen funds to make them harder to trace.

For background, the UXLINK exploit occurred in September 2025. At the time, the hackers took over the project’s multisignature wallet by taking advantage of a ‘delegateCall’ vulnerability.

They created billions of illegal UXLINK tokens, draining about $4.5 million in cryptocurrency assets. The stolen money was then transferred between several wallets and exchanged for DAI (a stablecoin that is pegged to the U.S. dollar) and Ethereum [ETH].

UXLINK exploiter launders stolen funds

After the attack, the hacker exchanged the remaining DAI tokens for about 6,000.8 ETH.

Source: PeckShieldAlert/X

Following which, the exploiter immediately deposited 6,038 ETH into Tornado Cash following the swap. In fact, in the past two weeks, the attacker has deposited 14,336.6 ETH into Tornado Cash.

Most recently, the attacker laundered stolen assets by converting millions of DAI into ETH and depositing more than $8.1 million worth of ETH into Tornado Cash.

Mining Express faces a similar issue

At the same time, wallets associated with the defunct Mining Express scheme appear to be reallocating long-held assets. The wallet linked to the purported Ponzi scheme changed its holdings into a more liquid stablecoin by exchanging 5,004 ETH for 8.8 million DAI.

For context, Kaze Fuziyama founded Mining Express in 2019. Back then the company allegedly deceived investors with an MLM-based cryptocurrency mining scheme. Soon after that, the company went bankrupt, which pushed the Ukrainian authorities for further investigation in 2022.

Source: Specter/X

After receiving 4,512 ETH in 2024, the associated wallet staked funds via Lido and Ether.fi before fully unstaking them in May 2026. More recently, about $5.1 million of the $7.5 million was moved to Tornado Cash following the exploitation of the Jaredfromsubway.eth MEV bot.

Where is the gap?

It’s evident that although the ecosystem facilitates smooth, permissionless asset transfers, it still lacks efficient systems to stop or deal with illegal funds once they are in motion. In fact, once illegal funds are in the DeFi ecosystem, it is still relatively easy to move and hide them.

Therefore, to safeguard decentralization and user privacy, protocols must strengthen cross‐network coordination and implement real‐time threat detection.


Final Summary

  • The UXLINK reportedly swapped the remaining 10.54 million DAI for 6,000.8 ETH, and a wallet linked to Mining Express swapped 5,004 ETH for 8.8 million DAI.
  • These, along with other exploits and money laundering, reveal a significant crack in the DeFi ecosystem.

Trending Cryptos

Related Questions

QWhat vulnerability did the hackers exploit to carry out the UXLINK attack in September 2025?

AThe hackers took advantage of a 'delegateCall' vulnerability to take over the project's multisignature wallet.

QHow did the UXLINK exploiter launder the stolen funds, and what tool was primarily used?

AThe exploiter laundered the funds by converting stolen DAI into ETH and then depositing the ETH into the privacy mixer Tornado Cash. Over two weeks, they deposited 14,336.6 ETH into Tornado Cash.

QWhat was the Mining Express scheme, and how are its associated wallets currently moving assets?

AMining Express was an MLM-based cryptocurrency mining Ponzi scheme founded in 2019. Associated wallets are now reallocating long-held assets, such as swapping 5,004 ETH for 8.8 million DAI and moving funds to Tornado Cash.

QWhat key problem in the DeFi ecosystem does the article highlight based on these incidents?

AThe article highlights that while DeFi facilitates permissionless transfers, it lacks efficient systems to stop or deal with illegal funds once they are in motion, making it relatively easy to move and hide stolen assets.

QWhat solutions does the article suggest to address the vulnerabilities exposed by these exploits?

AThe article suggests that protocols must strengthen cross-network coordination and implement real-time threat detection to safeguard decentralization and user privacy.

Related Reads

Li Fei-Fei's Latest Long-Form Article: When Video Generation, Robotics, and NVIDIA All Call Themselves World Models, We Need a Taxonomy

In a new article, Dr. Fei-Fei Li addresses the widespread and often inconsistent use of the term "world model" in AI. She proposes a clear, functional taxonomy rooted in the classic Partially Observable Markov Decision Process (POMDP) loop (agent → action → state → observation → agent). According to this framework, current systems called "world models" are different projections of this loop, categorized by their primary output: 1. **Renderers**: Output observations (pixels). Their goal is visual fidelity for human consumption (e.g., video generation models like Sora). They are the most commercially mature but are limited by a focus on appearance over physical accuracy. 2. **Simulators**: Output states (geometric, physical, dynamic representations). They provide a structurally accurate world for both human professionals (e.g., architects) and computational agents (e.g., robots for training). Li argues simulators are the crucial, underappreciated bridge, as they can underpin both rendering and planning. 3. **Planners**: Output actions. Given an observation and a goal, they decide what an agent should do next (e.g., robotic action models). This area is highly promising but remains the least mature for real-world deployment. Li highlights a key trend: the boundaries between these three categories are beginning to blur, as they all rely on a shared underlying understanding of geometry, physics, and dynamics. The logical endpoint is a unified world foundation model capable of switching between rendering, simulation, and planning based on downstream needs. This convergence, she concludes, is central to advancing spatial intelligence—enabling machines not just to talk about the world, but to truly understand, imagine, and interact with it.

marsbit1h ago

Li Fei-Fei's Latest Long-Form Article: When Video Generation, Robotics, and NVIDIA All Call Themselves World Models, We Need a Taxonomy

marsbit1h ago

Forbes Feature: Stablecoin Cross-Border Payments Are Faster, But Not Yet Cheaper

A Forbes feature delves into the state of stablecoin-based cross-border payments, noting rapid growth but a key shortfall: while faster and more accessible, they are not yet cheaper. At a recent industry conference in Mexico City, optimism about technology, regulation, and volume was tempered by discussions with practitioners. The core issue is liquidity. Traditional FX brokers charge 60-70 basis points, and stablecoins promise to slash this to 2-5 basis points. However, this theoretical cost advantage cannot be realized until deep liquidity pools are established at scale, requiring significant institutional capital inflow. A major adoption barrier is trust. Businesses often rely on long-standing relationships with traditional brokers, valuing reliability over marginal cost savings. This shift will be gradual. Furthermore, successful companies in the space are not positioning themselves as replacements for legacy systems like SWIFT, but as complements. They leverage stablecoins for speed while using traditional rails for their standardization and reliability in ensuring accurate payment details—a critical factor for supplier payments to avoid customs issues. Companies like Caliza, experiencing high monthly growth, exemplify this hybrid approach. The industry anticipates consolidation, as long-term viability will depend on securing the essential trifecta: proper licensing, robust fiat on/off-ramps, and deep liquidity. Without these, firms risk being mere intermediaries rather than building sustainable businesses.

marsbit1h ago

Forbes Feature: Stablecoin Cross-Border Payments Are Faster, But Not Yet Cheaper

marsbit1h ago

Li Feifei's Latest Article: When Video Generation, Robotics, and NVIDIA All Claim to Have 'World Models,' We Need a Taxonomy

"World Model" has become a widely used yet ambiguous term in AI. Drawing from the classic POMDP framework (agent → action → state → observation), this article proposes a functional taxonomy to clarify the concept. It identifies three distinct types, categorized by their output in the perception-action loop: 1. **Renderers**: Output visual observations (pixels). These models, like advanced video generators, prioritize visual fidelity but often lack underlying physical accuracy. 2. **Simulators**: Output the state of the world (geometry, physics, dynamics). They provide a structurally accurate representation for professionals (e.g., architects) and serve as training environments for robots and AI agents. 3. **Planners**: Output actions. Given an observation and a goal, they determine what an agent should do next, closing the perception-action loop (e.g., vision-language-action models). While renderers are currently the most commercially mature and planners are the most aspirational, the article argues that **simulators are the crucial, underappreciated hub**. By working at the level of geometry and physics, a simulator can project upwards to create visuals for humans and downwards to predict action consequences for agents. The future lies in the convergence of these three functions. Emerging research and products, like World Labs' Marble model which outputs both visual splats and physical collision meshes, are beginning to blur these boundaries. The logical endpoint is a unified world foundation model capable of rendering, simulating, and planning based on a shared understanding of spatial and temporal structures—ultimately enabling machines to understand, imagine, and interact with the physical world.

链捕手1h ago

Li Feifei's Latest Article: When Video Generation, Robotics, and NVIDIA All Claim to Have 'World Models,' We Need a Taxonomy

链捕手1h ago

Trading

Spot

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of ETH (ETH) are presented below.

活动图片