Wednesday, October 5, 2022

Over $4.7M Lost to Phishing Attack on Uniswap LP

Popular Decentralized Finance (DeFi) exchange protocol Uniswap has suffered a phishing attack. Users lost 7,500 ETH in the phishing attack targeted at liquidity providers (LPs) of the Uniswap V3 protocol.

According to a tweet from Binance CEO Changpeng Zhao, as much as 4295 ETH valued at over $4.7 million had been lost as of the time of his tweet.

However, reports from the Twitter crypto community suggest the loss could be more. A big LP holding about 16,140 ETH, worth $17.5M was also affected, according to a Twitter user.

In an earlier tweet, Zhao called it a potential exploit on Uniswap V3. This unsettling comment resulted in a drop in the price of Uniswap’s native token UNI.

However, after reaching out to the Uniswap team, he confirmed it was a successful phishing attack connected to Uniswap V3. He went on to apologize for the false alarm and said the protocol was safe. The price of the UNI slightly recovered after the clarification.

Similarly Uniswap’s CEO Hayden Adams said the protocol is safe as the phishing attack is separate from the protocol. Adams went on to advise users to be wary of clicking malicious links in the wake of the phishing attack.

How the attack happened 

According to Metamask security analyst Harry Denley, the hackers sent unsuspecting users malicious tokens. The hackers sent the phony tokens disguised as Uniswap LP to 73,399 addresses.

Shortly after accessing the phony tokens, it redirected users to a new website. The website contains users’ details which hackers use to drain assets from the wallets of the victims.

Afterward, the hackers then move the stolen funds into Tornado Cash, a decentralized mixer protocol to cover their trail.

Other phishing attacks

Phishing attacks have become common in the Web3 space as it is relatively easy to carry out. In June, the Bored Ape Yacht Club’s (BAYC) Discord server was hacked. The attackers made away with Non-fungible tokens (NFTs) valued at 200 ETH via phishing links.

Also in May, popular NFT game Axie infinity’s Discord server was attacked. The attack resulted in the breach of its MEE6 bot. The attackers then used the breached MEE6 bot to distribute phishing links advertising a free mint.

Joyce Onose
A Blockchain enthusiast and growing writer in the space with an understanding of the importance in creating quality content for readers in the industry. Also, keen on using her skills in improving Blockchain journalism.

Related Articles

Stay Connected

0FansLike
0FollowersFollow
2,043FollowersFollow

Latest Articles

%d bloggers like this: