UXLINK Hacker Swaps $6.4M WBTC for ETH, Uses Tornado Cash
A hacker linked to the recent UXLINK protocol exploit has moved significant funds, swapping 92 Wrapped Bitcoin (WBTC) worth about $6.4 million into 3,248 Ether (ETH). The transaction was flagged by blockchain security firm PeckShield on Sept. 26, 2025.
Funds Directed Through Privacy Mixer
Following the swap, the attacker deposited 1,500 ETH into Tornado Cash, a privacy-focused cryptocurrency mixer. This is a common tactic used to obscure the trail of stolen assets, making it harder for analysts and law enforcement to trace them. The remaining ETH from the swap is still being monitored in wallets tied to the hacker.
This latest move is part of a broader effort to launder money from the UXLINK exploit, which happened on Sept. 22, 2025. In that incident, attackers drained around $44 million in various assets from the platform, which is a decentralized identity and social networking protocol built on blockchain.
Timeline of the Exploit
On Sept. 22, UXLINK confirmed a security breach involving unauthorized access to certain smart contract functions. The project paused operations and urged users to revoke contract approvals. PeckShield and other security firms started tracking the stolen funds, which included ETH, stablecoins, and other tokens. The hacker’s decision to convert WBTC into ETH seems strategic because ETH has greater liquidity and works more smoothly with privacy tools like Tornado Cash.
This incident points to the ongoing risks in DeFi and highlights the need for regular security audits. For UXLINK users, the exploit is a reminder to keep an eye on wallet approvals and maybe use hardware wallets for long-term storage. The use of Tornado Cash also brings up the regulatory debates around privacy tools, which have faced sanctions and scrutiny from U.S. and other authorities.
As of now, UXLINK hasn’t announced any recovery plans or compensation for affected users. The project’s native token has been volatile since the breach, but trading volumes are still active.
The movement of $6.4 million in WBTC to ETH and then into Tornado Cash marks a significant step in the hacker’s laundering process. Blockchain analysts are keeping an eye on the remaining wallets, while the crypto community watches for further updates. This case adds to a growing list of high-profile DeFi exploits in 2025, reinforcing the need for stronger security across the ecosystem.
