A classy phishing campaign targeting liquidity providers (LPs) from the Uniswap v3 protocol has witnessed attackers make served by a minimum of $4.seven million price of Ethereum (ETH). However, the city is reporting the losses might be increased.
Metamask security investigator Harry Denley was among the first to boost the alarm bells from the attack, telling his 13,000 Twitter supporters on This summer 11 that 73,399 addresses have been sent malicious ERC-20 tokens to steal their assets.
⚠️ By block 151,223,32, there’s been 73,399 address which have been sent a malicious token to focus on their assets, underneath the misconception of the $UNI airdrop according to their LP’s
Activity began ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth (whg.eth) (@sniko_) This summer 11, 2022
A minimum of $4.seven million in ETH is lost within the attack, based on a Twitter publish from Binance Chief executive officer Changpeng “CZ” Zhao. However, there’s also reports among the crypto community that there might be higher losses in the incursion.
Prominent crypto Twitter user 0xSisyphus noted on This summer 11 that the “large LP” with around 16,140 ETH, worth $17.5 million, may are also phished.
did a sizable LP get phished?https://t.co/3n6oruM8Hj
the v3 NFTs in 0x09b5 all originated in this wallet that has 16k ETH ($18m) relaxing in it
— Sisyphus (@0xSisyphus) This summer 11, 2022
How it operates
Based on Denley, the phishing attack functions by delivering unsuspecting users a “malicious token” known as “UniswapLP” — designed to appear as from the legitimate “Uniswap V3: Positions NFT” contract by governing the “From” field within the blockchain transaction explorer.
Users interested in their new tokens could be forwarded to an internet site purporting to enable them to swap their new tokens for Uniswap’s native token UNI, worth $5.34 each during the time of writing.
The web site would rather send the users’ address and browser client info towards the attackers’ command center, which may also make an effort to drain cryptocurrency using their wallets.
A Reddit publish also explaining the attack noted the attackers had stolen native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) from victims.
Take note that there’s presently a Phishing scam happening that targets Uniswap V3 LP’s.
It doesn’t seem like a Uniswap protocol hack.
Regardless of what, when you get tokens airdropped for your wallet of ynknown origin – DON’T Communicate with them !!!
— Mel (@belikewater893) This summer 11, 2022
No exploit
Binance’s Chief executive officer Zhao produced some waves within the crypto markets as he first sounded alarms concerning the attack, calling it a “potential exploit” from the Uniswap protocol around the ETH blockchain.
Related: Finance Redefined: Uniswap is the opposite of the bearish trends, overtakes Ethereum
Zhao clarified right after the publish with another update, discussing a discussion using the Uniswap team, who noted the attack was a part of a phishing attack instead of any risk using the protocol.
Associated with the @uniswap team. The protocol is protected.
The attack appears like from the phishing attack. Both teams responded rapidly. Great. Sorry for that alarm.
Learn how to safeguard yourself from phishing. Don’t click links. pic.twitter.com/FIXebz3iBC
— CZ Binance (@cz_binance) This summer 11, 2022
CZ’s initial alarming comments coincided having a sharp stop by the Uniswap cost, which fell to some 24-hour low of $5.34. The cost of UNI has since retrieved following a clarification to $5.48 during the time of writing but continues to be lower 11% in 24 hrs and it is 87.8% lower from the all-time-high (ATH).