Jul 12, 2022 Frank Stewskid

Phishing attack targeting Uniswap v3 liquidity providers led to the theft of $4.7 million

A sophisticated phishing attack targeting Uniswap v3 liquidity providers led to the theft of $4.7 million worth of ETH. At first, the attack was interpreted as an exploit of the popular protocol, however, that was quickly debunked by the Uniswap team.

The news on the incident were first shared by MetaMask security researcher Harry Denley who shared on Twitter that 73,399 addresses had received malicious ERC-20 tokens which were used to steal their assets.

The attack was made possible through the malicious UniswapLP token, which was made to appear as legitimate, as the “From” field in the blockchain transaction explorer was manipulated to make it look that the phishing token was coming from the real Uniswap V3:Positions NFT contract. Once the new token was received, users curious about it would be directed to a website claiming to allow them to swap the new token for the Uniswap native UNI token. However, the malicious website would actually send users’ addresses and browser client info to the attackers, which would then attempt to steal digital assets from compromised wallets.

When the news about the incident broke, Binance CEO Changpeng Zhao made a Twitter post stating that there is a “potential exploit” of the Uniswap v3 protocol on the Ethereum blockchain. Later, the Binance CEO clarified that the incident was a phishing attack and not an exploit, following a conversation with the Uniswap team. Due to his initial comments, the Uniswap UNI token fell to its 240-hour low of $5.34, but has since recovered to being only 10% down in the last 24 hours, at the time of writing this article.

Author:

Frank Stewskid

Frank Stewskid

Last updated: Jul 12, 2022

Recent news:

Video Tutorials