Uniswap was the latest victim of a phishing campaign. The campaign was part of a hack against users on the platform, but it has not been deemed an exploit on the protocol. The phishing campaign was initially identified by the CEO of the Binance exchange, Changpeng Zhao.
Uniswap hit by $4.7M phishing attack
The CEO of Binance posted a tweet on July 12 tagging the Uniswap team to notify them of an exploit of the Uniswap V3 on the Ethereum blockchain. Zhao noted that 4295 Ether tokens had been stolen because of the exploit and were being laundered via the Tornado Cash coin mixer.
However, Uniswap responded to Zhao, saying that the exploit had not happened on the protocol, but the theft had happened because of a phishing campaign. The Uniswap team assured its users that the protocol was working smoothly. Zhao shared a screenshot of the conversation with the Uniswap team and educated his Twitter followers on how they can avoid phishing attacks.
The initial post by Zhao triggered panic in the market, and the value of Uniswap (UNI) plunged to a 24-hour low of $5.34. However, the panic seems to be subsiding, and the token has recovered to the current price of $5.63, according to CoinGecko.
How the phishing campaign was executed
The phishing campaign was executed in the Uniswap V3 liquidity pool, and the attackers have managed to siphon at least $4.7 million worth of ETH from users. However, it is estimated that the losses could be even higher.
Harry Denley, a MetaMask security researcher, laid out the details of this phishing attack. Denley said that the phishing campaign works by sending malicious tokens known as “UniswapLP” to unsuspecting users. The attackers made it seem like these tokens were being sent by a valid “Uniswap V3: Positions NFT.”
Users who wanted to view these newly sent tokens were lured to visit a website that allegedly allowed them to trade the native UNI tokens for these new tokens. However, after a user visited this website, their address and browser info was sent to the attacker’s command center that would steal tokens from their crypto wallets.
Battle Infinity - New Metaverse Game
- Listed on PancakeSwap and LBank - battleinfinity.io
- Fantasy Sports Themed Games
- Play to Earn Utility - IBAT Rewards Token
- Powered By Unreal Engine
- Solid Proof Audited, CoinSniper Verified