Greater than $4.7M stolen in Uniswap fake token phishing attack

A classy phishing campaign targeting liquidity providers (LPs) from the Uniswap v3 protocol has witnessed attackers make served by a minimum of $4.seven million price of Ethereum (ETH). However, the city is reporting the losses might be increased. 

Metamask security investigator Harry Denley was among the first to boost the alarm bells from the attack, telling his 13,000 Twitter supporters on This summer 11 that 73,399 addresses have been sent malicious ERC-20 tokens to steal their assets.

A minimum of $4.seven million in ETH is lost within the attack, based on a Twitter publish from Binance Chief executive officer Changpeng “CZ” Zhao. However, there’s also reports among the crypto community that there might be higher losses in the incursion.

Prominent crypto Twitter user 0xSisyphus noted on This summer 11 that the “large LP” with around 16,140 ETH, worth $17.5 million, may are also phished.

How it operates

Based on Denley, the phishing attack functions by delivering unsuspecting users a “malicious token” known as “UniswapLP” — designed to appear as from the legitimate “Uniswap V3: Positions NFT” contract by governing the “From” field within the blockchain transaction explorer.

Users interested in their new tokens could be forwarded to an internet site purporting to enable them to swap their new tokens for Uniswap’s native token UNI, worth $5.34 each during the time of writing.

The web site would rather send the users’ address and browser client info towards the attackers’ command center, which may also make an effort to drain cryptocurrency using their wallets.

A Reddit publish also explaining the attack noted the attackers had stolen native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) from victims.

No exploit

Binance’s Chief executive officer Zhao produced some waves within the crypto markets as he first sounded alarms concerning the attack, calling it a “potential exploit” from the Uniswap protocol around the ETH blockchain.

Related: Finance Redefined: Uniswap is the opposite of the bearish trends, overtakes Ethereum

Zhao clarified right after the publish with another update, discussing a discussion using the Uniswap team, who noted the attack was a part of a phishing attack instead of any risk using the protocol.

CZ’s initial alarming comments coincided having a sharp stop by the Uniswap cost, which fell to some 24-hour low of $5.34. The cost of UNI has since retrieved following a clarification to $5.48 during the time of writing but continues to be lower 11% in 24 hrs and it is 87.8% lower from the all-time-high (ATH).

Latest stories

You might also like...