Uniswap V3 Liquidity Pool Hit by Phishing Attack With 7,500 Ether Stolen So Far

Security researcher Harry Denley from MetaMask noted that 73,399 addresses were sent a malicious token.

Uniswap V3 Liquidity Pool Hit by Phishing Attack With 7,500 Ether Stolen So Far

Photo Credit: Twitter/ Uniswap

Uniswap is a central institution of decentralized finance

Highlights
  • A phishing attack has hit a major liquidity pool provider
  • The stolen ETH is being laundered using crypto mixers
  • Binance CEO Changpeng Zhao alerted users about the attack

Hackers stole around 7,500 Ether, worth more than $8.1 million (roughly Rs. 64.45 crore), from decentralised exchange Uniswap via a phishing attack. Spotted by several users, including Binance's threat intelligence department, the hacker managed to impersonate Uniswap's website and dupe a liquidity pool provider into signing malicious transactions. Uniswap's liquidity positions on its third iteration are represented as non-fungible tokens (NFTs), which enable users to utilise them as collateral to receive a loan paid out in stablecoins and blue-chip assets.

Binance CEO Changpeng Zhao aka CZ initially tweeted that the platform's threat intelligence team initially found a potential exploit on Uniswap V3 on the ETH blockchain.

Zhao stated in his tweet that the hacker has stolen 4,295 ETH so far, and they are “being laundered through Tornado Cash.” As per crypto tracking and compliance platform MistTrack, the stolen ETH count currently stands at 7,500 worth roughly around $8.1 million (roughly Rs. 64.45 crore).

The Binance CEO later had to correct himself after communicating with the Uniswap team that it was not an exploit on Uniswap, but rather a phishing attack.

“A phishing attack that resulted in some liquidity pool NFTs being taken from individuals who approved malicious transactions,” Uniswap founder Hayden Adams later confirmed in a follow-up tweet. "Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links."

Prior to Zhao alerting users through his tweet, Metamask security analyst Harry Denley informed that 73,399 addresses have been sent a malicious token to target their assets.

The event data on the blockchain was altered by the scammers to make it seem as though Uniswap was airdropping tokens to platform liquidity providers.

When users connected their wallets to the contract's website, which resembles Uniswap, native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) were snatched from their wallets.


Noise co-founder Amit Khatri joins Orbital, the Gadgets 360 podcast, for a special episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Cryptocurrency, Uniswap, Ether
Shomik Sen Bhattacharjee
Shomik is a senior sub-editor at Gadgets 360. As someone who's screened the consumer tech space for the past four years, he's now shifted focus to the crypto-verse. When not converting currency values in his head, you may find him in an intense five-a-side football match or grinding out the newest Destiny 2 weekly challenge on his Xbox. You can reach him for tips or queries at ShomikB@ndtv.com. More
Ola Electric Unveils NMC 2170 In-House Lithium-ion Cell, Mass Production to Begin by 2023
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.