Binance CEO confirms $4.7 million phishing attack on Uniswap V3
- Binance’s CZ confirmed that Uniswap V3 was hit by a phishing attack where users lost over $4.7 million of Ethereum.
- MetaMask security researcher Harry Denley raised the alarm as a false impression of a UNI airdrop was created.
- Uniswap price has witnessed double-digit losses in response to the attack.
Uniswap V3 users suffered a $4.7 million fake token phishing attack. The phishing campaign targeted liquidity providers of the Uniswap v3 protocol, and nearly 73,399 addresses were sent malicious ERC-20 tokens to steal their assets.
Also read: This is how easy you can get hacked and get your Bitcoin stolen
Phishing attack targets liquidity providers of Uniswap V3 protocol
Changpeng Zhao, the CEO of Binance, told his 6.6 million Twitter followers that Binance’s threat intel detected a potential exploit on Uniswap V3 on the Ethereum blockchain. The hacker stole 4,295 ETH so far and laundered the funds through Tornado Cash.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ Binance (@cz_binance) July 11, 2022
CZ told crypto Twitter that Uniswap is a decentralized project with many users and a grandfather for DeFi, so the token was listed. Uniswap was one of the few tokens where Binance’s team had no direct contact information for founders or the project team.
CZ eventually contacted the Uniswap team and confirmed that the exploit looked like a phishing attack. Uniswap protocol is safe, according to CZ.
CZ’s conversation with Uniswap Protocol Team
Harry Denley, a security researcher at MetaMask, tracked evidence that the phishing campaign targeted native coins Ethereum, Binance Coin and Uniswap LP positions. The attacker spent 8.5 ETH in transaction fees to reach 74,800 addresses and has another 90.86 ETH more. Attackers had a two-step approach:
- Send your address and browser client info to /66312712367123.com
- Attempts to steal assets
Users lost upwards of $4.7 million in the attack.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's
— harry.eth (whg.eth) (@sniko_) July 11, 2022
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00c
cc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
Uniswap price plummeted, posting 10% losses overnight as news of the attack spread on crypto Twitter. FXStreet analysts have identified three volatile altcoins ahead in their recovery rallies. For price targets and details, check this video:
Author
Ekta Mourya
FXStreet
Ekta Mourya has extensive experience in fundamental and on-chain analysis, particularly focused on impact of macroeconomics and central bank policies on cryptocurrencies.
