Important point
- Hackers stole about $ 8.6 million in crypto assets in a targeted phishing attack on Uniswap liquidity providers on Monday.
- Attackers targeted 7,399 Ethereum addresses, but most of their hauls appear to have come from one victim.
- The attacker tricked the victim into approving a malicious transaction by creating a fake UNI airdrop link on a website that mimics Uniswap.
Share this article
On-chain data show that most of the losses were caused by a single Ethereum wallet that provided liquidity for Uniswap.
Uniswap liquidity provider phishing for $ 8.6 million
Hackers have stolen more than $ 8.6 million in crypto assets from the liquidity provider of Uniswap, the world’s largest decentralized exchange.
The incident happened at the end of Monday attacker Sent Malicious token Approximately 7,399 Ethereum addresses that provided liquidity under the guise of the exchange’s native governance token UNI Uniswap.. Victims were directed to a malicious website that mimicked the official Uniswap front end. The phishing site has instructed the victim to request a malicious UNI token as a reward for providing liquidity to the exchange, but when the victim agrees to the claim, the attacker has access to the wallet. Incorrectly approved a transaction that allows. From there, an attacker could transfer tokens and run out of wallets.
Despite targeting a significant number of Uniswap liquidity providers, most of the attackers’ illegal hauling seems to come from a single one. victim.. After accessing the wallet, the attacker stole the NFT representing the victim’s liquidity position in the Uniswap V3’s wBTC / USDC liquidity pool, closed the position and exchanged the asset for ETH. The attackers then launched money laundering via the privacy protection protocol Tornado Cash. Based on on-chain data, attackers laundered more than $ 7,500 ETH worth about $ 8.6 million at the time of the attack.
⚠️ At block 151,223,32, there are 73,399 addresses where malicious tokens targeting assets were sent, $ UNI Airdrop based on their LP
The activity started about 2 hours ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— Harry.eth 🦊 💙 (whg.eth) (@sniko_) July 11, 2022
MetaMask Security Researcher under harry.eth on Twitter Sounded an alarm In the case late Monday. But until a few hours later, Binance CEO Changpeng Zhao independently warned about the same incident, their warnings were largely overlooked.First claim There was an exploit in the Uniswap V3 protocol itself before revoking and confirming his claim. This exploit is the result of a phishing attack.
Phishing attacks are common in the crypto industry. In another series of attacks, scammers unleashed a similar trick during the Drop of Otherside NFT, which Yuga Labs got a lot of attention in May. Seduce victims by setting up malicious links disguised as the Yuga Labs website.They’re done $ 3.7 million..
Disclosure: At the time of writing this, the author of this work owned ETH and several other cryptocurrencies.
