Sophisticated Uniswap v3 protocol targeting campaign (LPs) has seen attackers get away with at least $ 4.7 million Ethereum (ETH). However, the community says that the loss could be even greater.
Metamask security investigator Harry Denley was one of the first to sound the alarm bells for the attack and told his 13,000 Twitter followers on July 11 that 73,399 addresses had been sent malicious ERC-20 tokens to steal their property.
⚠️ As of field 151,223.32, there have been 73,399 addresses that have been sent malicious tokens to target their properties, under false notions of $ UNI airdrop based on their albums
Activity started ~ 2 hours ago
– harry.eth (whg.eth) (@sniko_) July 11, 2022
At least $ 4.7 million in ETH has been lost in the attack, according to Twitter entry from Binance CEO Changpeng “CZ” Zhao. However, there are also reports among the cryptocurrency community that there could be more losses due to the invasion.
Prominent Twitter user 0xSisyphus said on July 11 that a “big LP” with about 16,140 ETHs, worth $ 17.5 million, could also have been phishing.
went big phishing phishing? https: //t.co/3n6oruM8Hj
v3 NFT in 0x09b5 all came from this wallet with 16k ETH ($ 18m) in it
– Sisyphus (@ 0xSisyphus) July 11, 2022
How it works
According to Denley, the phishing attack works by sending unsuspecting users “malicious tokens” called “UniswapLP” – which appears to come from a legitimate “Uniswap V3: Positions NFT” agreement by working with the “From” box in the blockchain business survey. .
Users who are curious about their new tokens would be directed to a website that pretends to allow them to exchange their new tokens for the Uniswap native tokens, UNI, worth $ 5.34 each at the time of writing.
The website would instead send information about the address of users and browser clients to the attackers’ control center, which would also try to empty the cryptocurrency from their wallet.
A Reddit post explaining the attack also revealed that the attackers had stolen native (ETH) tokens, ERC20 tokens and NFT documents (ie Uniswap LP statuses) from victims.
Please keep in mind that there is currently a phishing scam involving Uniswap V3 LPs.
It does not look like a Uniswap protocol hack.
No matter what, if you get tokens sent to your wallet of unknown origin – DO NOT communicate with them !!!
– Mel (@ belikewater893) July 11, 2022
Not an act of heroism
Binance’s CEO, Zhao, created a wave of cryptocurrencies when he first issued a warning about the attack, calling it the ‘possible exploitation’ of the Uniswap protocol on the ETH blockchain.
Connected: Finance redefined: Uniswap goes against the bearish trend, surpassing Ethereum
Zhao explained shortly after the post with another update, sharing a conversation with the Uniswap team, who stated that the attack was part of a phishing attack rather than some protocol issue.
Connected to @uniswap team. The protocol is secure.
The attack looks like a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself against phishing. Do not click on links. image.twitter.com/FIXebz3iBC
– CZ Binance (@cz_binance) July 11, 2022
CZ’s initial scary comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $ 5.34. UNI’s price has since recovered to $ 5.48 at the time of writing, but has fallen 11% in 24 hours to 87.8% from its all-time high (NOTE).
Mail Bonus – #million #stolen #Uniswap #fake #token #phishing #attack