Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack

0

Changpeng Zhao, CEO of Binance (CZ) said in a Tweet that their intelligence unit has identified an exploit on Uniswap V3 on the Ethereum blockchain.

Liquidity providers Uniswap (LP) suffered a phishing attack lasting about eight hours. It was a fake token phishing attack in which 73,399 addresses received malicious ERC-20 tokens from which the hacker stole the funds and laundered them through Tornado Cash.

About Uniswap

Uniswap is a decentralized project with a listed token. The Uniswap crypto exchange is primarily used to trade altcoins such as Avalanche and Shiba Inu. It is one of those rare tokens containing limited information for the founding members of the project team.

Uniswap LPs are basically users who receive interest from the exchange for depositing cryptocurrency into its system. The company has approximately 230,000 LPs.

What happened?

On Monday, July 11, unidentified scammers targeted Uniswap LPs and sent them 74,800 of the 230,000 LPs with fake Uniswap tokens. They were directed to a dodgy website where they had to exchange the tokens for crypto, Explain Harry Denley, security researcher at MetaMask.

However, clicking on the link caused an infection and loss of funds from both wallets. Sending these fake tokens cost the attackers 8.5 ether or $9,024 in transaction fees and an additional 90.86 ether.

Denley further disclosed that the attacker targeted native coins including Binance Coin, Ethereum, and Uniswao LP and used a two-step approach. They requested address and browser client information at /66312712367123.com and attempted to steal assets. Around $4.7 million worth of crypto was lost in the attack.

The scam may seem new, but it is related to the previous actions of the exchange. In 2020, he airdropped 400 UNI$ tokens, which are currently worth $2,224. The tokens were sent to every wallet involved in an exchange on Uniswap. At various stages in 2021, crypto whales have received airdrops worth five to six figures.

Binance intervened to stop the attack

Changpeng Zhao, CEO of Binance (CZ) claims in a Tweet that their intelligence unit has identified an exploit on Uniswap V3 on the Ethereum blockchain. Zhao contacted Uniswap and informed the team that the exploit appeared to be a phishing attack.

Binance Intel was eventually contacted to resolve the issue, and the attack was finally stopped on July 11, around 23:00 UTC. The latest update is that the Uniswap protocol is completely safe. However, Uniswap’s price plummeted and the exchange suffered 10% losses overnight due to the attack.

CZ on Twitter having a conversation with Uniswap and alerting customers to the phishing scam

Uniswap response

The crypto exchange released the following statement on Twitter, revealing that there was no exploit and the airdrops caused the losses.

“To be clear: there was no exploit. The protocol has always been – and remains – secure…airdrops that direct you to unofficial domains are likely phishing attempts. We will never dump users without notice on multiple official channels.

Share.

About Author

Comments are closed.