Why the UXLINK hacker’s 14,336 ETH transfers raise fresh questions for DeFi

Blockonomics
Coinbase


Recent on‑chain activity shows the UXLINK exploiter actively laundering stolen funds to make them harder to trace.

For background, the UXLINK exploit occurred in September 2025. At the time, the hackers took over the project’s multisignature wallet by taking advantage of a ‘delegateCall’ vulnerability.

They created billions of illegal UXLINK tokens, draining about $4.5 million in cryptocurrency assets. The stolen money was then transferred between several wallets and exchanged for DAI (a stablecoin that is pegged to the U.S. dollar) and Ethereum [ETH]. 

UXLINK exploiter launders stolen funds

After the attack, the hacker exchanged the remaining DAI tokens for about 6,000.8 ETH.

coinbase
UXLINK exploiterUXLINK exploiter
Source: PeckShieldAlert/X

Following which, the exploiter immediately deposited 6,038 ETH into Tornado Cash following the swap. In fact, in the past two weeks, the attacker has deposited 14,336.6 ETH into Tornado Cash. 

Most recently, the attacker laundered stolen assets by converting millions of DAI into ETH and depositing more than $8.1 million worth of ETH into Tornado Cash.

Mining Express faces a similar issue

At the same time, wallets associated with the defunct Mining Express scheme appear to be reallocating long-held assets. The wallet linked to the purported Ponzi scheme changed its holdings into a more liquid stablecoin by exchanging 5,004 ETH for 8.8 million DAI.

For context, Kaze Fuziyama founded Mining Express in 2019. Back then the company allegedly deceived investors with an MLM-based cryptocurrency mining scheme. Soon after that, the company went bankrupt, which pushed the Ukrainian authorities for further investigation in 2022. 

defunct Mining Express schemedefunct Mining Express scheme
Source: Specter/X

After receiving 4,512 ETH in 2024, the associated wallet staked funds via Lido and Ether.fi before fully unstaking them in May 2026. More recently, about $5.1 million of the $7.5 million was moved to Tornado Cash following the exploitation of the Jaredfromsubway.eth MEV bot. 

Where is the gap?

It’s evident that although the ecosystem facilitates smooth, permissionless asset transfers, it still lacks efficient systems to stop or deal with illegal funds once they are in motion. In fact, once illegal funds are in the DeFi ecosystem, it is still relatively easy to move and hide them. 

Therefore, to safeguard decentralization and user privacy, protocols must strengthen cross‑network coordination and implement real‑time threat detection. 


Final Summary

  • The UXLINK reportedly swapped the remaining 10.54 million DAI for 6,000.8 ETH, and a wallet linked to Mining Express swapped 5,004 ETH for 8.8 million DAI.
  • These, along with other exploits and money laundering, reveal a significant crack in the DeFi ecosystem. 



Source link

Bybit

Be the first to comment

Leave a Reply

Your email address will not be published.


*