Uniswap users lost $4,6 million due to phishing attack

The attackers sent malicious tokens to 73 399 addresses of the protocol’s liquidity providers

12.07.2022 - 13:30

260

2 min

What’s new? Users of the Uniswap V3 protocol were subjected to a phishing attack in which attackers stole 4295 ETH ($4,6 million at the Binance rate as of July 12, 13:15 UTC). MetaMask security researcher Harry Denley was one of the first to report the matter. According to him, a malicious token called UniswapLP was sent to affected liquidity providers (LPs) of the protocol. Such assets were sent to 73 399 addresses.

⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP'sActivity started ~2H ago0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV— harry.eth 🦊💙 (whg.eth) (@sniko_) July 11, 2022

More details about the situation. Users who were interested in the new token were directed to a fake website where the new asset was offered to exchange for Uniswap (UNI). However, after confirming the transaction, the attackers were stealing all funds from users’ wallets.

Even the head of cryptocurrency exchange Binance Changpeng Zhao drew attention to the hack. He contacted the liquidity protocol’s development team and confirmed that it was a phishing attack and not an exploit.

Connected with the @uniswap team. The protocol is safe. The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.Learn to protect yourself from phishing. Don't click on links. 🙏 pic.twitter.com/FIXebz3iBC— CZ 🔶 Binance (@cz_binance) July 11, 2022

Earlier, ahead of the Terra network being relaunched, attackers used a similar scheme. They began sending fake wrapped LUNA 2.0 tokens to holders of the original asset. According to the scammers’ idea, users had to believe that the address from which they received the coins was genuine and send their old LUNA tokens to it for liquidation.

Author: