On Monday, a phishing scam offering fraudulent airdrops stole approximately $8 million in funds from Uniswap users.
The phishing scam promised a free airdrop of 400 UNI tokens (equivalent to about $2,200). Users were asked to connect a crypto wallet and sign a transaction to claim the malicious airdrop. Once a wallet was connected, an unknown hacker stole the user's funds through a malicious smart contract.
To date, over 74,000 wallets have interacted with the phishing smart contract, according to data from Etherscan.
On July 11, the hackers deployed a malicious smart contract, according to Etherscan.
Notably, the contract's code has not been verified on Etherscan, which is something most legitimate projects do.
After deployment, the hackers tricked users into signing a transaction in order to collect the airdropped tokens. Instead, this transaction was an approval transaction, giving the hackers access to all Uniswap LP (liquidity pool) tokens held by the user.
Each time a user adds liquidity to Uniswap, they receive an LP token as a representation of their liquidity position. These tokens are transferable and, like all other NFTs, use the ERC-721 token standard.
Therefore, through the approval transaction, a third party (in this case, the hacker's wallet) may spend funds on your behalf.
After gaining access through that approval transaction, the hacker went on to move all the LP tokens to his wallet and withdraw all the liquidity from Uniswap.
The hacker's wallet gained about 7,573.94 Ethereum from the exploit, according to analysis from Etherscan.
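The approval step described above can be recognized before signing by decoding the transaction's calldata. The following is an added example, not part of the original article: it assumes the approval used the standard ERC-721 setApprovalForAll or approve functions, and the helper names, labels and sample addresses are constructed for illustration.

```python
# Standard approval selectors (first 4 bytes of keccak256 of the signature).
APPROVAL_SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721: operator over ALL tokens
    "095ea7b3": "approve(address,uint256)",         # ERC-721 one token / ERC-20 allowance
}

def decode_approval(calldata):
    """Return details of an approval call, or None if calldata is something else."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    args = data[8:]
    if signature is None or len(args) < 128:
        return None
    try:
        first, second = int(args[:64], 16), int(args[64:128], 16)
    except ValueError:
        return None  # arguments are not valid hex
    if first >> 160:
        return None  # first argument is not a 20-byte address
    return {
        "function": signature,
        "spender": "0x%040x" % first,
        "value": second,  # bool flag, token id or allowance, depending on the function
        "all_tokens": signature.startswith("setApprovalForAll") and second != 0,
    }

def review(calldata, trusted_spenders):
    """Classify a transaction that a site asks the user to sign."""
    call = decode_approval(calldata)
    if call is None:
        return "not-an-approval"
    if call["function"].startswith("setApprovalForAll") and call["value"] == 0:
        return "revocation"
    if call["spender"] in trusted_spenders:
        return "approval-to-trusted"
    return "blanket-approval-to-unknown" if call["all_tokens"] else "approval-to-unknown"

def _word(n):
    return "%064x" % n  # one 32-byte ABI word

# Constructed sample calldata (placeholder address, not taken from the incident).
UNKNOWN = "0x" + "11" * 20
CLAIM_TX = "0xa22cb465" + _word(int(UNKNOWN, 16)) + _word(1)     # presented as a "claim"
TRANSFER_TX = "0xa9059cbb" + _word(int(UNKNOWN, 16)) + _word(5)  # ordinary transfer

if __name__ == "__main__":
    print(review(CLAIM_TX, trusted_spenders=set()))
    print(review(TRANSFER_TX, trusted_spenders=set()))
```

A transaction presented as an airdrop claim that decodes to a blanket approval for an unknown operator is the pattern described in this incident.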
Crypto community reacts to Uniswap phishing hack
“This is a phishing attack and some LP NFTs were obtained from an individual who approved a malicious transaction,” said Hayden Adams, creator of Uniswap. “Completely separated from the protocol.”
“As of block 15122332, there are 73,399 addresses where malicious tokens targeting the asset were sent. $UNI airdrop based on their LP,” tweeted Harry Denley, a security engineer at MetaMask.
A few hours after Denley’s tweet, Binance CEO Changpeng Zhao also tweeted about the issue, initially claiming that the DEX protocol had been exploited.
But later, after an explanation from the Uniswap team, he confirmed that it was indeed a phishing scam and that the protocol is secure.
“This seems to be very irresponsible to tweet. This was a phishing campaign, not a misuse of the Uniswap v3 code,” one user responded to Zhao’s first claim.
“I agree that I do not agree. Personally, [6 million] people who shouldn’t spread the panic without first confirming your story,” another user said following Zhao’s first tweet.
Despite the clarification, the price of UNI plummeted more than 10% over the last 24 hours.
UNI is a governance token, released in 2020, that allows holders to vote on and propose various changes to the Uniswap protocol.