More than $ 4.7 million stolen in Uniswap fake token phishing attack

More than $ 4.7 million stolen in Uniswap fake token phishing attack – Mail Bonus


Sophisticated Uniswap v3 protocol targeting campaign (LPs) has seen attackers get away with at least $ 4.7 million Ethereum (ETH). However, the community says that the loss could be even greater.

Metamask security investigator Harry Denley was one of the first to sound the alarm bells for the attack and told his 13,000 Twitter followers on July 11 that 73,399 addresses had been sent malicious ERC-20 tokens to steal their property.

At least $ 4.7 million in ETH has been lost in the attack, according to Twitter entry from Binance CEO Changpeng “CZ” Zhao. However, there are also reports among the cryptocurrency community that there could be more losses due to the invasion.

Prominent Twitter user 0xSisyphus said on July 11 that a “big LP” with about 16,140 ETHs, worth $ 17.5 million, could also have been phishing.

How it works

According to Denley, the phishing attack works by sending unsuspecting users “malicious tokens” called “UniswapLP” – which appears to come from a legitimate “Uniswap V3: Positions NFT” agreement by working with the “From” box in the blockchain business survey. .

Users who are curious about their new tokens would be directed to a website that pretends to allow them to exchange their new tokens for the Uniswap native tokens, UNI, worth $ 5.34 each at the time of writing.

The website would instead send information about the address of users and browser clients to the attackers’ control center, which would also try to empty the cryptocurrency from their wallet.

A Reddit post explaining the attack also revealed that the attackers had stolen native (ETH) tokens, ERC20 tokens and NFT documents (ie Uniswap LP statuses) from victims.

Not an act of heroism

Binance’s CEO, Zhao, created a wave of cryptocurrencies when he first issued a warning about the attack, calling it the ‘possible exploitation’ of the Uniswap protocol on the ETH blockchain.

Connected: Finance redefined: Uniswap goes against the bearish trend, surpassing Ethereum

Zhao explained shortly after the post with another update, sharing a conversation with the Uniswap team, who stated that the attack was part of a phishing attack rather than some protocol issue.

CZ’s initial scary comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $ 5.34. UNI’s price has since recovered to $ 5.48 at the time of writing, but has fallen 11% in 24 hours to 87.8% from its all-time high (NOTE).