Uniswap was the latest victim of a phishing campaign. The campaign was part of a hack against users on the platform, but it has not been deemed an exploit on the protocol. The phishing campaign was initially identified by the CEO of the Binance exchange, Changpeng Zhao.
Uniswap hit by $4.7M phishing attack
The CEO of Binance posted a tweet on July 12 tagging the Uniswap team to notify them of an exploit of Uniswap V3 on the Ethereum blockchain. Zhao noted that 4295 Ether tokens had been stolen because of the exploit and were being laundered via the Tornado Cash coin mixer.
Uniswap replied to Zhao, stating that the exploit did not occur on their protocol and that the theft resulted from a phishing campaign. The Uniswap team reassured users that the protocol was functioning well. Zhao posted a screenshot of his chat with the Uniswap team and informed his Twitter followers about ways to prevent phishing attacks.
The initial post by Zhao triggered panic in the market, and the value of Uniswap (UNI) plunged to a 24-hour low of $5.34. However, the panic seems to be subsiding, and the token has recovered to the current price of $5.63, according to CoinGecko.
How the phishing campaign was executed
The phishing campaign was executed in the Uniswap V3 liquidity pool, and the attackers managed to siphon at least $4.7 million worth of ETH from users. However, it is estimated that the losses could be even higher.
Harry Denley, a MetaMask security researcher, laid out the details of this phishing attack. Denley said that the phishing campaign works by sending malicious tokens known as “UniswapLP” to unsuspecting users. The attackers made it seem like these tokens were being sent by a valid “Uniswap V3: Positions NFT.”
Users who wanted to view these newly sent tokens were lured to a website that allegedly allowed them to trade the native UNI tokens for these new tokens. However, after a user visited this website, their address and browser information were sent to the attackers’ command center, which would steal tokens from their crypto wallets.
A Reddit crypto discussion on the attack said that the hackers had not only stolen ETH tokens but had also accessed ERC-20 tokens and non-fungible tokens (Uniswap LP positions) from the victims.