The decentralized social platform UXLink said on Wednesday that it deployed a new Ethereum contract after a multisignature wallet exploit allowed attackers to mint billions of unauthorized tokens and crash the value of its native asset.
UXLink said its new smart contract had passed a security audit and would be deployed on the Ethereum mainnet. The project said the new contract had dropped the mint-burn function to prevent similar incidents in the future.
The project confirmed the breach on Tuesday, saying that a significant amount of crypto had been transferred to exchanges. Estimates of the losses from the hack vary, with Cyvers Alerts saying it saw at least $11 million stolen and Hacken putting the figure at more than $30 million.
What is clear is that the incident has highlighted smart contract security flaws that projects should address. Marwan Hachem, co-founder and CEO of Web3 security company FearsOff, told Cointelegraph that the incident highlighted the risks of rushing ahead without the necessary security layers.
UXLink exploit highlights the risks of “centralized control”
The attackers took control of the UXLink smart contract through a multisig wallet breach and initially minted 2 billion UXLINK tokens. The token’s price dropped 90%, from $0.33 to $0.033, as the attacker continued to mint, with security company Hacken estimating that nearly 10 trillion tokens were created.
Hachem told Cointelegraph that the UXLink breach stemmed from a delegate call vulnerability in the project’s multisignature wallet. This allowed the attacker to execute arbitrary code and take administrative control of the contract. He added that this led to the minting of unauthorized tokens.
“It really highlights certain design flaws in UXLink’s setup,” Hachem told Cointelegraph. “A multisignature wallet that was not properly protected from delegate call exploits, lax checks on who could mint and no built-in code to enforce supply caps.”
Hachem said it showed how risky it was to “keep too much centralized control in projects that claim to be decentralized.”
The need for timelocks, hard-coded caps and better audits
From a technical point of view, Hachem said that the UXLink hack could have been avoided with some standard safeguards.
These included adding timelocks to sensitive actions such as minting new tokens or changing contract ownership. “A delay of 24 to 48 hours gives the community a chance to spot anything unusual before it goes through,” said Hachem.
The second fix was renouncing minting privileges once the tokens have launched, so that even insiders cannot create more. Hachem said that hard-coding supply caps directly into smart contracts would prevent the risk of new tokens being minted.
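A minimal Solidity sketch of the three safeguards described above, combined in one token: a hard-coded supply cap, a timelock on minting and an irreversible renunciation of the mint role. This is an added example, not UXLink's or FearsOff's code; the contract name, function names and the cap value are hypothetical, and the 24-hour delay is the low end of the window Hachem mentions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative token (hypothetical names, not a full ERC-20).
contract CappedTimelockedToken {
    uint256 public constant MAX_SUPPLY = 1_000_000_000 * 1e18; // constructed cap, fixed in bytecode
    uint256 public constant MINT_DELAY = 24 hours;              // assumed delay

    address public minter;      // intended to be a multisig; address(0) once renounced
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    struct PendingMint { address to; uint256 amount; uint256 readyAt; }
    mapping(uint256 => PendingMint) public pendingMints;
    uint256 public nextMintId;

    event MintQueued(uint256 indexed id, address indexed to, uint256 amount, uint256 readyAt);
    event MintExecuted(uint256 indexed id);
    event MintingRenounced();

    modifier onlyMinter() { require(msg.sender == minter, "not minter"); _; }

    constructor(address initialMinter) { minter = initialMinter; }

    // Step 1: announce the mint on-chain. MintQueued is the event monitors alert on.
    function queueMint(address to, uint256 amount) external onlyMinter returns (uint256 id) {
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        id = nextMintId++;
        uint256 readyAt = block.timestamp + MINT_DELAY;
        pendingMints[id] = PendingMint(to, amount, readyAt);
        emit MintQueued(id, to, amount, readyAt);
    }

    // Step 2: executable only after the delay; the cap is re-checked because
    // several queued mints could together exceed it.
    function executeMint(uint256 id) external onlyMinter {
        PendingMint memory p = pendingMints[id];
        require(p.readyAt != 0 && block.timestamp >= p.readyAt, "unknown id or timelock active");
        require(totalSupply + p.amount <= MAX_SUPPLY, "cap exceeded");
        delete pendingMints[id];
        totalSupply += p.amount;
        balanceOf[p.to] += p.amount;
        emit MintExecuted(id);
    }

    // After launch: with minter set to address(0), nobody can queue or execute a mint.
    function renounceMinting() external onlyMinter {
        minter = address(0);
        emit MintingRenounced();
    }
}
```

Even if the minter key or multisig is taken over, a contract built this way limits the outcome to a publicly announced, delayed mint that cannot push supply past `MAX_SUPPLY`; the delay only helps if someone is watching for `MintQueued`.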
On the operational side, Hachem stressed the importance of independent reviews and ongoing transparency.
“You cannot just audit the token contract. The multisig setup also needs a careful review,” he said, urging projects to make wallet addresses public and require several signers on each transaction.
The wider lesson, according to Hachem, was that even commonly used tools such as multisig wallets should not be treated as bulletproof. He said the push for more decentralized governance and emergency stops for critical functions was also of the utmost importance.
“UXLink’s incident underscores that rushing ahead without solid and ongoing security can break the community’s trust. It is better to layer defenses from the start,” Hachem told Cointelegraph.