Hackers stole around 7,500 Ether, worth more than $8.1 million (roughly Rs. 64.45 crore), from decentralised exchange Uniswap via a phishing attack. Spotted by several users, including Binance’s threat intelligence department, the hacker managed to impersonate Uniswap’s website and dupe a liquidity pool provider into signing malicious transactions. Uniswap’s liquidity positions on its third iteration are represented as non-fungible tokens (NFTs), which enable users to utilise them as collateral to receive a loan paid out in stablecoins and blue-chip assets.
Binance CEO Changpeng Zhao aka CZ initially tweeted that the platform’s threat intelligence team initially found a potential exploit on Uniswap V3 on the ETH blockchain.
One of the few tokens we listed without requiring direct contact info of the project team. This is where it would have been useful.
— CZ ???? Binance (@cz_binance) July 11, 2022
Zhao stated in his tweet that the hacker has stolen 4,295 ETH so far, and they are “being laundered through Tornado Cash.” As per crypto tracking and compliance platform MistTrack, the stolen ETH count currently stands at 7,500 worth roughly around $8.1 million (roughly Rs. 64.45 crore).
The Binance CEO later had to correct himself after communicating with the Uniswap team that it was not an exploit on Uniswap, but rather a phishing attack.
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. ???? pic.twitter.com/FIXebz3iBC
— CZ ???? Binance (@cz_binance) July 11, 2022
“A phishing attack that resulted in some liquidity pool NFTs being taken from individuals who approved malicious transactions,” Uniswap founder Hayden Adams later confirmed in a follow-up tweet. “Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.”
This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions
Totally separate from the protocol
A good reminder to protect yourself from phishing and not click on malicious links https://t.co/aj3Zh8UKqF
— hayden.eth ???? (@haydenzadams) July 11, 2022
Prior to Zhao alerting users through his tweet, Metamask security analyst Harry Denley informed that 73,399 addresses have been sent a malicious token to target their assets.
As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth ???????? (whg.eth) (@sniko_) July 11, 2022
The event data on the blockchain was altered by the scammers to make it seem as though Uniswap was airdropping tokens to platform liquidity providers.
When users connected their wallets to the contract’s website, which resembles Uniswap, native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) were snatched from their wallets.
