Jul 12, 2022 Frank Stewskid
Phishing attack targeting Uniswap v3 liquidity providers led to the theft of $4.7 million
A sophisticated phishing attack targeting Uniswap v3 liquidity providers led to the theft of $4.7 million worth of ETH. At first, the attack was interpreted as an exploit of the popular protocol, but the Uniswap team quickly debunked that.
News of the incident was first shared by MetaMask security researcher Harry Denley, who wrote on Twitter that 73,399 addresses had received malicious ERC-20 tokens that were used to steal their assets.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00c
cc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth 🦊💙 (whg.eth) (@sniko_) July 11, 2022
The attack relied on a malicious UniswapLP token that was made to appear legitimate: the “From” field shown in the blockchain transaction explorer was manipulated so that the phishing token appeared to come from the real Uniswap V3:Positions NFT contract. Users curious about the newly received token would be directed to a website claiming to let them swap it for Uniswap's native UNI token. In reality, the malicious website sent users’ addresses and browser client info to the attackers, who would then attempt to steal digital assets from the compromised wallets.
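An explorer's “From” column for a token transfer is filled from the Transfer event, whose arguments are chosen by the emitting token contract, which is how a token can name any address as its sender. The following added example (not from the original article or from Uniswap) is a heuristic check over constructed eth_getLogs-style entries with placeholder addresses; the function and variable names are hypothetical.

```python
# keccak256("Transfer(address,address,uint256)"): the standard ERC-20/ERC-721 event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real contracts.
TRUSTED = "0x" + "11" * 20        # stands in for a well-known contract users trust
KNOWN_TOKEN = "0x" + "22" * 20    # a token the wallet already tracks
NEW_TOKEN = "0x" + "33" * 20      # a token contract never seen before
WALLET = "0x" + "44" * 20
STRANGER = "0x" + "55" * 20

def as_topic(addr):
    """Indexed addresses are stored left-padded to 32 bytes."""
    return "0x" + "00" * 12 + addr[2:]

def topic_address(topic):
    """Recover the 20-byte address from a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def make_log(emitter, sender, recipient, tx):
    return {"address": emitter, "transactionHash": tx,
            "topics": [TRANSFER_TOPIC, as_topic(sender), as_topic(recipient)]}

# Constructed sample in the shape of eth_getLogs results.
SAMPLE_LOGS = [
    make_log(NEW_TOKEN, TRUSTED, WALLET, "0xaaa1"),     # unknown token naming a trusted sender
    make_log(KNOWN_TOKEN, TRUSTED, WALLET, "0xaaa2"),   # tracked token, same sender
    make_log(NEW_TOKEN, STRANGER, WALLET, "0xaaa3"),    # unknown token, ordinary sender
    {"address": NEW_TOKEN, "transactionHash": "0xaaa4",
     "topics": ["0x" + "ab" * 32]},                     # some other event, ignored
]

def flag_spoofed_transfers(logs, trusted_senders, known_tokens):
    """Flag Transfer logs whose 'from' names a trusted contract while the
    emitting token is unknown. 'from' is chosen by the emitter, so only
    log['address'] says who actually produced the event."""
    trusted = {a.lower() for a in trusted_senders}
    known = {a.lower() for a in known_tokens}
    findings = []
    for log in logs:
        topics = log.get("topics", [])
        if len(topics) < 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue
        emitter = log["address"].lower()
        claimed_from = topic_address(topics[1])
        if claimed_from in trusted and emitter not in known:
            findings.append({"tx": log["transactionHash"], "token": emitter,
                             "claimed_from": claimed_from,
                             "to": topic_address(topics[2])})
    return findings
```

Calling flag_spoofed_transfers(SAMPLE_LOGS, [TRUSTED], [KNOWN_TOKEN]) returns only the first sample entry, the unknown token whose event names the trusted contract as sender.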
When the news about the incident broke, Binance CEO Changpeng Zhao made a Twitter post stating that there was a “potential exploit” of the Uniswap v3 protocol on the Ethereum blockchain. Later, following a conversation with the Uniswap team, the Binance CEO clarified that the incident was a phishing attack and not an exploit. Due to his initial comments, the Uniswap UNI token fell to its 240-hour low of $5.34, but it has since recovered and is only 10% down over the last 24 hours at the time of writing this article.