The attackers sent malicious tokens to 73 399 addresses of the protocol’s liquidity providers

Uniswap users lost $4,6 million due to phishing attack

12.07.2022 - 13:30

245

2 min

What’s new? Users of the Uniswap V3 protocol were subjected to a phishing attack in which attackers stole 4295 ETH ($4,6 million at the Binance rate as of July 12, 13:15 UTC). MetaMask security researcher Harry Denley was one of the first to report the matter. According to him, a malicious token called UniswapLP was sent to affected liquidity providers (LPs) of the protocol. Such assets were sent to 73 399 addresses.

More details about the situation. Users who were interested in the new token were directed to a fake website where the new asset was offered to exchange for Uniswap (UNI). However, after confirming the transaction, the attackers were stealing all funds from users’ wallets.

Even the head of cryptocurrency exchange Binance Changpeng Zhao drew attention to the hack. He contacted the liquidity protocol’s development team and confirmed that it was a phishing attack and not an exploit.

Earlier, ahead of the Terra network being relaunched, attackers used a similar scheme. They began sending fake wrapped LUNA 2.0 tokens to holders of the original asset. According to the scammers’ idea, users had to believe that the address from which they received the coins was genuine and send their old LUNA tokens to it for liquidation.

Author:

Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy