Uniswap Fake Token Phishing Attack Leads to $4.7M Loss
Attackers have looted at least $4.7 million worth of Ethereum from cryptocurrency exchanges through a fraudulent token scam targeting Uniswap v3 (ETH) protocol Liquidity Providers (LPs). From now on, before a next valid advertisement for a new coin is posted, hackers trick people with similar looking advertisements or listings where they can steal money without being easily traced. Fortunately, there are other ways to protect yourself against these types of scams.
Compared to its centralized competitors, the decentralized structure of platforms like Uniswap has several advantages, including free and open token lists that make it easier and more affordable to start new businesses. Therefore, it has become a common and easy target for criminals.
Related Reading | GameStop Launches NFT Marketplace
With the ability to offer transactions between Ethereum (ETH) and multiple ERC-20 tokens, as well as liquidity pools and the ability to earn profit by depositing tokens, Uniswap’s decentralized exchange has become one of the most popular platforms. of the movement.
The Uniswap protocol now comes in three different flavors. V1 and V2 are available as open source and under GPL license. With some minor changes, V3 is open source.
Bitcoin is currently trading at $19,611 on the daily chart | Source: Tradingview.com BTC/USDT chart
Uniswap Fake Token Phishing Attack
Harry Denley, a security researcher at Metamask, was one of the first to alert people to the attack. He posted a tweet on July 11 and said:
At block 151,223 32, 73,399 addresses received a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP.
In another tweet, Denley claims that the “malicious token” used in the phishing attack is provided to unsuspecting customers in an attempt to trick them into thinking it is from the legitimate Uniswap V3. He also said that:
First, the malicious contract contaminates event data so that block explorers index the “From” as the legitimate “Uniswap V3: NFT Positions” contract.
Related Reading | Binance Under Fire: Report Says It Evaded Sanctions and Continued Serving Iranian Clients
Binance CEO Zhao also sounded the alarm about the attack. He called it a “potential exploit” of the Uniswap protocol on the Ethereum blockchain. As his tweet says:
Our threat intelligence has detected a possible exploit in Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far and they are being laundered through Tornado Cash.
Zhao posted an apology shortly after the tweet, including details about his conversation with the Uniswap team. He claimed that the attack was a phishing attack, not a protocol issue, adding that “the protocol is secure.”
Featured image from Flickr and chart from Tradingview.com
- Click to share on Twitter (Opens in a new window)
- Click to share on Facebook (Opens in a new window)
- Click to share on LinkedIn (Opens in a new window)
- Click to share on WhatsApp (Opens in a new window)