Hackers stole around 7,500 Ether, worth more than $8.1 million (roughly Rs. 64.45 crore), from decentralised exchange Uniswap via a phishing attack. The attack was spotted by several users, including Binance's threat intelligence department; the hacker managed to impersonate Uniswap's website and dupe a liquidity pool provider into signing malicious transactions. Liquidity positions on Uniswap's third iteration are represented as non-fungible tokens (NFTs), which users can put up as collateral to receive a loan paid out in stablecoins and blue-chip assets.
Binance CEO Changpeng Zhao, aka CZ, initially tweeted that the platform's threat intelligence team had found a potential exploit on Uniswap V3 on the ETH blockchain.
One of the few tokens we listed without requiring direct contact info of the project team. This is where it would have been useful.
— CZ Binance (@cz_binance) July 11, 2022
Zhao stated in his tweet that the hacker had stolen 4,295 ETH so far, and they are “being laundered through Tornado Cash.” As per crypto tracking and compliance platform MistTrack, the stolen ETH count currently stands at 7,500, worth roughly $8.1 million (roughly Rs. 64.45 crore).
Now it's at 7,500 #ETH.
All were sent to @TornadoCash in transactions of 100 ETH. https://t.co/ciOn6LTu10 pic.twitter.com/GX0kzfTQbV
— MistTrack (@MistTrack_io) July 11, 2022
After communicating with the Uniswap team, the Binance CEO later had to correct himself: it was not an exploit on Uniswap, but rather a phishing attack.
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don't click on links. pic.twitter.com/FIXebz3iBC
— CZ Binance (@cz_binance) July 11, 2022
“A phishing attack that resulted in some liquidity pool NFTs being taken from individuals who approved malicious transactions,” Uniswap founder Hayden Adams later confirmed in a follow-up tweet. “Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.”
This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions
Totally separate from the protocol
A good reminder to protect yourself from phishing and not click on malicious links https://t.co/aj3Zh8UKqF
— hayden.eth (@haydenzadams) July 11, 2022
Prior to Zhao alerting users through his tweet, MetaMask security analyst Harry Denley reported that 73,399 addresses had been sent a malicious token to target their assets.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00c
cc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth (whg.eth) (@sniko_) July 11, 2022
The event data on the blockchain was altered by the scammers to make it seem as though Uniswap was airdropping tokens to platform liquidity providers.
When users connected their wallets to the contract's website, which resembles Uniswap, native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) were snatched from their wallets.