CZ’s Warning of Uniswap Exploit Turns Out to Be a Phishing Attack

Binance CEO Changpeng Zhao took to Twitter to share a potential exploit on the Uniswap ETH blockchain. Zhao said that approximately 4295 ETH has been stolen thus far.

According to some sources, the exploit turns out to be a potential phishing campaign. The losses, though, may be substantially higher.

One of the first to sound the alarm about the assault was Harry Denley, a security researcher at Metamask. On July 11, he informed his 13,000 Twitter followers that 73,399 addresses had received fraudulent ERC-20 tokens intended to steal their assets.

Denley claims that the “UniswapLP” “malicious token” used in the phishing assault is sent to unwary users in an attempt to trick them into thinking it is coming from the real “Uniswap V3.

Users who were interested in their new tokens would be sent to a website that claimed to let them exchange their new tokens for UNI, the native currency of Uniswap.

The website would instead attempt to steal the assets from users’ wallets while sending the users’ address and browser client information to the attackers’ command center.

The attackers have spent around 8.5 ETH just on transaction fees to send the fake assets to 74,800 addresses.

The CEO of Binance later clarified that the Uniswap team was quick to respond to the attack. He also added that it was a phishing attack and cautioned users to keep from clicking any links. Following the attack, UNI dropped by 9.9% in the last 24 hours and is currently trading at $5.56.