Binance CEO confirms $4.7 million phishing attack on Uniswap V3

Uniswap V3 users suffered a $4.7 million fake token phishing attack. The phishing campaign targeted liquidity providers of the Uniswap v3 protocol, and nearly 73,399 addresses were sent malicious ERC-20 tokens to steal their assets. 

Also read: This is how easy you can get hacked and get your Bitcoin stolen

Phishing attack targets liquidity providers of Uniswap V3 protocol

Changpeng Zhao, the CEO of Binance, told his 6.6 million Twitter followers that Binance’s threat intel detected a potential exploit on Uniswap V3 on the Ethereum blockchain. The hacker stole 4,295 ETH so far and laundered the funds through Tornado Cash. 

CZ told crypto Twitter that Uniswap is a decentralized project with many users and a grandfather for DeFi, so the token was listed. Uniswap was one of the few tokens where Binance’s team had no direct contact information for founders or the project team. 

CZ eventually contacted the Uniswap team and confirmed that the exploit looked like a phishing attack. Uniswap protocol is safe, according to CZ. 

CZ’s conversation with Uniswap Protocol Team

Harry Denley, a security researcher at MetaMask, tracked evidence that the phishing campaign targeted native coins Ethereum, Binance Coin and Uniswap LP positions. The attacker spent 8.5 ETH in transaction fees to reach 74,800 addresses and has another 90.86 ETH more. Attackers had a two-step approach:

• Send your address and browser client info to /66312712367123.com
• Attempts to steal assets

Users lost upwards of $4.7 million in the attack. 

Uniswap price plummeted, posting 10% losses overnight as news of the attack spread on crypto Twitter. FXStreet analysts have identified three volatile altcoins ahead in their recovery rallies. For price targets and details, check this video: