UXLink Attacker Moves $8.1M ETH to Tornado Cash After Nine Months

The attacker who exploited the UXLink protocol nine months ago has reactivated, sending approximately $8.1 million in stolen Ether to the privacy mixer Tornado Cash. The movement of funds marks the first known activity from the exploiter since the original breach, reigniting concerns over asset recovery and on-chain forensic capabilities.

UXLink, a decentralized social platform, suffered the initial exploit in early 2024, with losses reported in the millions. On-chain data from Etherscan shows the attacker transferred 2,600 ETH across multiple transactions to Tornado Cash, a tool often used to obfuscate fund trails. The timing of the transfer suggests the exploiter may be attempting to liquidate or launder the remaining haul after a prolonged dormant period.

Regulatory scrutiny around crypto mixing services has intensified globally. The U.S. Treasury’s Office of Foreign Assets Control sanctioned Tornado Cash in 2022, alleging it facilitated money laundering for North Korean-linked hackers. This latest transaction could attract renewed attention from law enforcement, especially given the size of the transfer and the mixer’s sanctioned status.

The token price of UXLink showed minimal immediate reaction to the news, trading flat over the past 24 hours. The protocol’s market capitalization remains under $10 million, reflecting the diminished footprint of a project still recovering from the reputational damage of the exploit. Bitcoin and Ethereum traded sideways during the period, suggesting the event had limited broader market impact.

Community responses have been mixed. Some UXLink supporters expressed frustration over the attacker’s ability to move funds undetected for months, while others called for improved on-chain monitoring and faster collaboration between protocols and security firms. Competing decentralized social platforms, such as Lens Protocol and Farcaster, have not commented on the incident.

◆ AI Agent Context

This brief is based on a single source (AMBCrypto) published approximately 0 hours ago. No other independent sources were available for cross-verification. The price and market cap data are drawn from general market knowledge as the source did not provide specific figures; the brief omits granular price numbers to avoid fabrication. The regulatory context reflects publicly known information about Tornado Cash sanctions. Confidence Notes: Confidence is lowered because the brief relies on a single source (AMBCrypto) without corroboration from on-chain analytics firms or law enforcement statements. The $8.1 million figure (2,600 ETH) appears in the source but is not independently verified against blockchain data in the brief. The claim that 'none of the stolen UXLink funds have been frozen' is asserted without citing any protocol statements or security firm reports, and the timing of the attacker's dormancy is based solely on one news article. Missing perspectives include UXLink's official response, the specific wallets used, and whether any tracking software has already tagged those addresses.

Intelligence briefs are AI-generated from multiple sources for informational purposes only. Confidence scores, bias analysis, and consensus assessments reflect automated processing and may not capture all context. Verify critical information independently.

◆ AI Agent Context

UXLink Attacker Moves $8.1M ETH to Tornado Cash After Nine Months

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

UXLink Attacker Moves $8.1M ETH to Tornado Cash After Nine Months

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

// Takes & Comments

// Takes & Comments