More than $4.7M stolen in Uniswap fake token phishing attack

Published at: July 12, 2022

A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ether (ETH). However, the community is reporting the losses could be even greater. 

MetaMask security researcher Harry Denley was one of the first to raise the alarm bells of the attack, telling his 13,000 Twitter followers on Monday that 73,399 addresses had been sent malicious ERC-20 tokens to steal their assets.

⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP'sActivity started ~2H ago0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV

— harry.eth (whg.eth) (@sniko_) July 11, 2022

At least $4.7 million in ETH has been lost in the attack, according to a Twitter post from Binance CEO Changpeng “CZ” Zhao. However, there are also reports among the crypto community that there may be more significant losses from the incursion.

Prominent Crypto Twitter user 0xSisyphus noted on Monday that a “large LP” with around 16,140 ETH, worth $17.5 million, may have also been phished.

did a large LP get phished?https://t.co/3n6oruM8Hjthe v3 NFTs in 0x09b5 all originated from this wallet which has 16k ETH ($18m) sitting in it

— Sisyphus (@0xSisyphus) July 11, 2022

How it works

According to Denley, the phishing attack works by sending unsuspecting users a “malicious token” called “UniswapLP” — made to appear as coming from the legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field in the blockchain transaction explorer.

Users curious about their new tokens would be directed to a website purporting to allow them to swap their new tokens for Uniswap (UNI), worth $5.34 each at the time of writing.

The website would instead send the users’ address and browser client info to the attackers’ command center, which would also attempt to drain cryptocurrency from their wallets.

A Reddit post also explaining the attack noted that the attackers had stolen native tokens such as Ether, ERC-20 tokens and nonfungible tokens (NFTs) (namely Uniswap LP positions) from victims.

On Wednesday, Uniswap Labs added its own detailed explanation on Twitter about how the scam worked, emphasizing that the incident was part of a phishing scam, not an exploit. 

1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was — and remains — secure. Here’s what happened.

— Uniswap Labs (@Uniswap) July 12, 2022

Not an exploit

Binance’s CEO Zhao created some waves in the crypto markets when he first sounded alarms about the attack, calling it a “potential exploit” of the Uniswap protocol on the Ethereum blockchain.

Related: Finance Redefined: Uniswap goes against the bearish trends, overtakes Ethereum

Zhao clarified soon after the post with another update, sharing a conversation with the Uniswap team, who noted the attack was part of a phishing attack rather than any issue with the protocol.

Connected with the @uniswap team. The protocol is safe. The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.Learn to protect yourself from phishing. Don't click on links. pic.twitter.com/FIXebz3iBC

— CZ Binance (@cz_binance) July 11, 2022

CZ’s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time-high.

Update: Added the Twitter thread from Uniswap Labs explaining how the phishing scam works. 

Tags
Blockchain
Business
Tokens
Hacks
Uniswap
Phishing
Related Posts
Decentralized blockchain aims for Ethereum and DEX compatibility with new wrapped token
Free TON is a multi-blockchain platform that can handle thousands of transactions per second thanks to its dynamic sharding mechanisms, which create new shards as needed. As a result, it is the fastest blockchain available, according to developers. Despite that, the Free TON blockchain is still in the early stages of attracting DApp developers to its platform. Even with its scalability, an important task at this stage is to bring more liquidity to the platform. To do that, developers have announced the launch of Wrapped TON, a tradable TIP-3 token built on its native TON Crystal token. With the ability …
Decentralization / April 21, 2021
DeFi attacks are on the rise — Will the industry be able to stem the tide?
The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to …
Adoption / May 14, 2022
Yuga Labs’ BAYC, OtherSide Discord groups breached, over 145 ETH stolen
Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack, with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing. OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs. BAYC & OtherSide discords got compromised‼️ Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in …
Blockchain / June 5, 2022
Ankr says no one should trade aBNBc, only LPs "caught off guard" will be compensated
Following yesterday's confirmed multi-million dollar exploit, BNB Chain based protocol Ankr took to its company blog on Dec. 2 to relay its next steps to users. The team said it was identifying liquidity providers to decentralized exchanges as well as protocols supporting aBNBc or aBNBb LP. The group also said it is assessing aBNBc collateral pools, such as Midas and Helio. According to the post, Ankr intends to purchase $5 million worth of BNB, which it will use to compensate liquidity providers affected by the exploit. However, the company said it only intends to compensate LPs who were "caught off …
Technology / Dec. 2, 2022
MetaMask issues scam alert as NameCheap hacker sends unauthorized emails
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
Blockchain / Feb. 13, 2023