Alert! Another Phishing Attack: Uniswap Lose Over $8M Worth of Ethereum

Uniswap V3 have suffered a phishing attack this morning. According toTokenview, the attacker has stolen over 7,573 ETH, worth about $8.1 million.

1

Binance CEO CZ tweeted that hackers stole 4,295 ETH from Uniswap V3. CZ initially explained the attack as Uniswap V3’s protocol itself, but it was quickly clarified that it was a phishing campaign.

Uniswap founder Hayden Adams also confirmed that the attack was not related to Uniswap protocol, but was a phishing attack. Some LP NFTs being taken from individuals who approved malicious transactions, completely unrelated to Uniswap protocol itself. Again, users are reminded not to click on malicious links.

UNI tokens are down to $5.57 at the time of writing, down 6.9% in 24 hours, according to the latest Tokenview price data.

Uniswap has lost over 7,573 ETH, worth approximately $8 million, in this phishing attacks, according to Tokenview.

The attackers then laundered 7,500 ETH in batches (per 100ETH)through TornadoCash.

https://eth.tokenview.com/en/address/0x09b5027ef3a3b7332ee90321e558bad9c4447afa

MetaMask security analyst Harry Denley tweeted that there was evidence that the attack was purely aimed at native token (ETH, BNB) and Uniswap LP positions.

Denley was one of the first to sound the alarm about the attack. In total, the attack hit about 73,399 addresses by airdropping malicious links disguised as UNI in an attempt to get users to sign up.

According to Denley, phishing attacks work by sending users a “malicious token” called “UniswapLP” — manipulating the “From” field in the blockchain transaction browser to make it look like it came From a legitimate “Uniswap V3: Positions NFT” contract.

The fake contract sends users tokens that eventually direct them to the fake website “/ Uniswaplp.com”, which is modeled on the real Uniswap. The site would send the user’s address and browser client information to /66312712367123.com and then try to steal the user’s encrypted assets.

A total of 3,278 ETH NFT positions worth about $3.56 million were stolen through the fake contract attackers, according to Tokenview.

Uniswap has lost about $8.1 million. But as the data continues to update, the attack could do more damage.

Phishing attacks in the NFT and Defi markets continue to emerge. Phishing attacks seem to be a popular way to steal from crypto markets. According to statistics, in 2021, phishing attacks in blockchain networks caused more than $6.4 billion in asset losses.

The Uniswap attack is yet another warning to the crypto community about the importance of anti-phishing education.

Tokenview once again reminds users that unknown/malicious links should always be vigilant, carefully check the transaction information, protect the account password, mnemonic, private key and other sensitive information.