- Uniswap quickly responded that that attacker didn’t breach the protocol security but rather conducted a phishing attack.
- Victims falling to the malicious transactions reportedly lost some $8.1 million in total.
Earlier today, Ethereum-based decentralized exchange Uniswap came in news over the news surrounding a potential exploit of its protocol. Binance CEO Changpen Zhao was the first to report on a possible exploit.
Raising, the alarm, CZ tweeted: “Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thanks.”
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ 🔶 Binance (@cz_binance) July 11, 2022
However, the team at Uniswap was quick to respond and found that there was no issue with the protocol security. Instead, it was a phishing attack that led to the theft of the Uniswap V3 protocol. While being in touch with the Binance CEO, Uniswap said:
We scan public blockchains regularly as part of our threat intel. And this set of transactions on Uniswap V3 Positions today fired off alarms. It looks like via Web 2 phishing attacks.
Later, Zhao also confirmed the same and said that the protocol looks “all good”. Putting further light on the matter, Uniswap inventor Hayden Adams wrote:
This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.
The details of the Uniswap phishing attack
During the phishing attack, the attacker reportedly stole 7,500 ETH worth a staggering $8.1 million. Harry Denley, the security researcher from MetaMask said that 73,399 addresses on Uniswap were sent a malicious token on Monday, July 11. Furthermore, the users were given the impression that they would be rewarded Uniswap tokens.
The hackers sent the victims to a malicious token dubbed UniswapLP. Later, the hackers directed them to a website that noted that the users can swap the malicious token against UNI. The website would later read sensitive information and steal funds from the wallet.
The incident clearly highlights the need for more awareness of phishing attacks. This is a popular way of theft targeting gullible investors. A large number of investors have called prey to it in the past.
As we reported last week, phishing attacks have been on a steep rise this year in 2022. During the second quarter of this year, there was a staggering 170 percent in phishing attacks in comparison to the previous quarter.
The report notes:
Over $2 Billion has been lost in Q1 and Q2 alone, meaning that 2022 has already lost more to hacks and exploits than the entirety of 2021.