More than $4.7M stolen in Uniswap fake token phishing attack

A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ethereum (ETH). However, the community is reporting the losses could be even larger.

MetaMask security researcher Harry Denley was one of the first to raise the alarm about the attack, telling his 13,000 Twitter followers on July 11 that 73,399 addresses had been sent malicious ERC-20 tokens to steal their assets.

At least $4.7 million in ETH has been lost in the attack, according to a Twitter post from Binance CEO Changpeng “CZ” Zhao. However, there are also reports among the crypto community that there may be more significant losses from the incursion.

Prominent crypto Twitter user 0xSisyphus noted on July 11 that a “large LP” with around 16,140 ETH, worth $17.5 million, may also have been phished.

How it works

According to Denley, the phishing attack works by sending unsuspecting users a “malicious token” called “UniswapLP”, made to look as if it came from the official “Uniswap V3: Positions NFT” contract by manipulating the “From” field in the blockchain transaction explorer.

Users curious about their new tokens would be directed to a website purporting to allow them to swap their new tokens for Uniswap’s native token UNI, worth $5.34 each at the time of writing.

The website would instead send the users’ address and browser client information to the attackers’ command center, which would also attempt to drain cryptocurrency from their wallets.

A Reddit post also explaining the attack noted that the attackers had stolen native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) from victims.
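The forged “From” field can be checked from a transaction receipt alone. The following is an added example, not code from the article or from Uniswap: it assumes the explorer's “From” came from the token's own Transfer event, whose `from` value the emitting contract chooses freely, and every address in it is a constructed placeholder.

```python
# keccak256("Transfer(address,address,uint256)"), the standard Transfer event signature
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real on-chain values.
TRUSTED = "0x" + "aa" * 20      # stands in for the impersonated official contract
FAKE_TOKEN = "0x" + "bb" * 20   # contract that emits the misleading events
SENDER = "0x" + "11" * 20       # account that submitted the airdrop transaction
REAL_TOKEN = "0x" + "cc" * 20   # token genuinely paid out by the trusted contract

def topic(addr):
    """Left-pad a 20-byte address to a 32-byte indexed topic."""
    return "0x" + "0" * 24 + addr[2:]

def addr_of(topic_hex):
    """Recover the address held in the low 20 bytes of a topic."""
    return "0x" + topic_hex[-40:].lower()

def spoofed_transfers(receipt, trusted):
    """Return Transfer logs naming a trusted `from` that took no visible part in the tx.

    Heuristic on receipt data only: the emitter (log["address"]) writes the
    `from` value itself, so that value proves nothing about who sent the tokens.
    A call trace would be needed for a definitive answer.
    """
    trusted = {a.lower() for a in trusted}
    involved = {receipt["from"].lower(), (receipt.get("to") or "").lower()}
    involved |= {log["address"].lower() for log in receipt["logs"]}
    hits = []
    for log in receipt["logs"]:
        t = log["topics"]
        if len(t) < 3 or t[0].lower() != TRANSFER_TOPIC:
            continue
        claimed = addr_of(t[1])
        if claimed in trusted and claimed not in involved:
            hits.append({"emitter": log["address"], "claimed_from": claimed, "to": addr_of(t[2])})
    return hits

def transfer_log(emitter, frm, to):
    return {"address": emitter, "topics": [TRANSFER_TOPIC, topic(frm), topic(to)]}

# Constructed receipts: an airdrop with a forged `from`, and a genuine payout.
AIRDROP = {"from": SENDER, "to": FAKE_TOKEN, "logs": [
    transfer_log(FAKE_TOKEN, TRUSTED, "0x" + "d1" * 20),
    transfer_log(FAKE_TOKEN, TRUSTED, "0x" + "d2" * 20)]}
GENUINE = {"from": "0x" + "d1" * 20, "to": TRUSTED, "logs": [
    transfer_log(REAL_TOKEN, TRUSTED, "0x" + "d1" * 20)]}

if __name__ == "__main__":
    for name, rc in (("airdrop", AIRDROP), ("genuine", GENUINE)):
        print(name, spoofed_transfers(rc, [TRUSTED]))
```

The field to trust is the emitter address of each log, which identifies the contract that actually produced the event.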

Not an exploit

Binance’s CEO Zhao made some waves in the crypto markets when he first sounded the alarm about the attack, calling it a “potential exploit” of the Uniswap protocol on the ETH blockchain.

Zhao clarified soon after the post with another update, sharing a conversation with the Uniswap team, who noted the attack was part of a phishing attack rather than any issue with the protocol.

CZ’s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time high (ATH).