UXLink Exploit：管理权错误，黑客被黑客入侵！

Uxlink的安全漏洞导致数百万人被盗。然后，业力？黑客成为网络钓鱼骗局的受害者，失去了战利品。 web3是狂野的！

UXLINK Exploit: Admin Rights Gone Wrong and a Hacker Gets Hacked!

UXLink Exploit：管理权错误，黑客被黑客入侵！

UXLINK, a Web3 social platform, experienced a major security incident. Millions were stolen, but then came a bizarre twist: the hacker got phished! Let's dive into this rollercoaster.

Web3社交平台Uxlink经历了重大安全事件。数百万被盗，但随后发生了一个奇怪的转折：黑客得到了保护！让我们潜入这个过山车。

The Initial Breach: UXLINK Loses Millions

最初的违规：uxlink损失了数百万

It all started when UXLINK confirmed a security breach in its multi-signature wallet. Hackers exploited admin rights, illicitly transferring cryptocurrency to exchanges. Cyvers Alerts reported the attacker removed the admin role and added a new multisig owner before moving millions in USDT, USDC, WBTC, and ETH.

当Uxlink确认其多签名钱包中的安全漏洞时，一切就开始了。黑客利用了管理员权利，将加密货币非法转移到交流中。 Cyvers提醒报告了攻击者删除了管理员的角色，并添加了新的Multisig所有者，然后在USDT，USDC，WBTC和ETH搬迁数百万。

Lookonchain reported the hacker also sold UXLINK tokens on DEXes through six wallets, obtaining roughly $28.1 million. In response, UXLINK warned against trading UXLINK on DEXs and contacted major CEXs to halt trading temporarily.

Lookonchain报道说，黑客还通过六个钱包在Dexes上出售了Uxlink令牌，获得了约2810万美元。作为回应，Uxlink警告不要在DEX上进行uxlink交易，并与主要的CEXS联系以暂时停止交易。

Karma Strikes: The Hacker Gets Phished

业力罢工：黑客受到保护

In a shocking turn of events, the UXLINK hacker became the target of a phishing scam. On-chain data revealed about 542 million UXLINK tokens, worth millions of dollars, were drained from the exploiter’s wallet after they approved access to a malicious contract. Blockchain security analysts discovered the hacker approved a phishing contract, allowing attackers to drain their stolen funds using a simple increase Allowance trick.

在令人震惊的事件中，Uxlink黑客成为网络钓鱼骗局的目标。链上的数据显示，在批准获得恶意合同后，从剥削者的钱包中排出了约5.42亿个Uxlink代币，价值数百万美元。区块链安全分析师发现，黑客批准了网络钓鱼合同，允许攻击者使用简单的增加津贴技巧来耗尽其被盗资金。

How the Phishing Worked

网络钓鱼的工作方式

Attackers created a fake contract that appeared legitimate. When the hacker interacted with it, they unknowingly granted permission for the attacker to move tokens from their wallet. The hacker likely believed they were moving funds to safety or swapping them. Instead, they handed control of their tokens to a phishing address.

攻击者创建了一份合法的假合同。当黑客与之互动时，他们在不知不觉中允许攻击者从钱包中移动令牌。黑客可能认为他们正在将资金搬到安全性或交换它们。取而代之的是，他们将对代币的控制权交给了网络钓鱼地址。

Community Reacts with Amusement

社区娱乐反应

The crypto community reacted with disbelief and humor. Security researcher Cos called the situation “hilarious,” noting that even hackers aren't safe from the tricks they often exploit. Many joked that it was “karma” at work.

加密社区充满了怀疑和幽默的反应。安全研究人员COS称这种情况为“搞笑”，并指出即使是黑客也无法免受经常利用的技巧的安全。许多人开玩笑说这是工作中的“业力”。

UXLINK's Response

uxlink的响应

UXLINK has been working to contain the original breach, coordinating with security experts and exchanges to track stolen funds and freeze suspicious activity. They've also reported the incident to the police and regulators. While the phishing of the exploiter adds a twist, it doesn't resolve the original crisis for UXLINK or its community.

Uxlink一直在努力控制原始的违规行为，与安全专家协调，并交流以跟踪被盗资金并冻结可疑活动。他们还向警察和监管机构报告了这一事件。尽管利用者的网络钓鱼增加了转折，但它并不能解决Uxlink或其社区的原始危机。

Lessons Learned

经验教训

This incident underscores important lessons for the crypto world:

这一事件强调了加密世界的重要课程：

• Security is paramount: Multi-signature wallets are not foolproof.
• Even hackers can be victims: Phishing threats are pervasive.
• Trust no one: Always double-check contracts and permissions.

The Broader Implications

更广泛的含义

The UXLINK hack highlights the risks associated with centralized validator power. The fact that ten validators fell in a single strike suggests that Shibarium’s decentralization was more aspirational than real. This perception may weigh heavily on market confidence.

UXLink黑客攻击与集中验证器功率相关的风险。十个验证者在一次罢工中摔倒的事实表明，什贝里姆的权力下放比真实更具志向意义。这种看法可能会严重影响市场信心。

What's Next for UXLINK?

Uxlink的下一步是什么？

UXLINK faces a long road to recovery. The team must regain user trust and demonstrate a commitment to security. The project's credibility is under pressure, and its future depends on how swiftly and transparently it resolves this breach.

Uxlink面临着漫长的恢复道路。团队必须重新获得用户信任并表现出对安全性的承诺。该项目的信誉承受着压力，其未来取决于它迅速透明地解决了这一违规行为。

So, what have we learned? In the wild west of Web3, even the outlaws aren't safe. Stay vigilant, folks, and maybe double-check that smart contract before you sign off on it. You never know who might be waiting to pull a fast one, even on a hacker!

那么，我们学到了什么？在Web3的野外，即使是违法者也不安全。在您签字之前，请保持警惕，伙计，也许会双重检查该智能合约。您永远不知道谁可能正在等待快速拉一个，即使在黑客上！