
Hackers attacked Uniswap liquidity providers through a fake airdrop
Binance chief Changpeng Zhao said researchers at the exchange had detected a potential vulnerability in Uniswap v3. However, it later emerged that the incident involved a phishing attack against a user, not a vulnerability in the protocol.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thanks https://t.co/OV3g7ayf77
— CZ 🔶 Binance (@cz_binance) July 11, 2022
Zhao’s message stated that the attacker had withdrawn 4,295 ETH ($4.6 million at the time of writing) from the protocol and sent the funds to the Tornado Cash mixer.
PeckShield said that there had been an attack on a liquidity provider (LP).
Here is the approve tx. So it is not an exploit on @Uniswap. Instead someone with the UniswapV3 Liquidity Positions got phished to approve on their positions. @cz_binance https://t.co/atwbLoh7J5 https://t.co/LwQQDZZHTs
— PeckShield Inc. (@peckshield) July 11, 2022
Security researcher Harry Denley was among the first to report the phishing campaign. He noted that the attackers sent malicious tokens masquerading as a Uniswap airdrop to over 70,000 addresses.
⚠️ As of block 151,223,32, there have been 73,399 addresses that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00c cc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth 🦊💙 (whg.eth) (@sniko_) July 11, 2022
Victims enticed by the tokens are redirected to a fraudulent site. The hackers then steal the funds.
The number of affected users and the total amount of damage remain unknown.
Uniswap protocol founder Hayden Adams confirmed that this was a phishing campaign. He advised users not to click on links that may be malicious.
This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions
Totally separate from the protocol
A good reminder to protect yourself from phishing and not click on malicious links https://t.co/aj3Zh8UKqF
— hayden.eth 🦄 (@haydenzadams) July 11, 2022
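PeckShield and Hayden Adams both describe victims approving a transaction on their LP position NFTs. As an added example (not from the article, PeckShield or Uniswap), the Python code below shows how a wallet or monitoring tool could decode pending calldata and flag approval grants to unknown operators. It assumes the standard ERC-721 `approve` and `setApprovalForAll` calls, which the article does not name, and all addresses in it are constructed placeholders.

```python
# Added example (not from the article): flag NFT approval grants before signing.
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
ZERO_ADDRESS = "0x" + "00" * 20

def decode_approval(calldata_hex):
    """Describe an ERC-721 approval call, or return None if the data is not one."""
    try:
        data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    except ValueError:
        return None
    if len(data) != 4 + 64:                       # selector + two 32-byte ABI words
        return None
    selector, word1, word2 = data[:4], data[4:36], data[36:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or any(word1[:12]):
        return None                               # other call, or bad address padding
    operator = "0x" + word1[12:].hex()
    value = int.from_bytes(word2, "big")
    if selector == APPROVE:                       # on an NFT contract, value is a tokenId
        return {"kind": "approve", "operator": operator, "token_id": value,
                "grants": operator != ZERO_ADDRESS}
    if value > 1:                                 # bool must be ABI-encoded as 0 or 1
        return None
    return {"kind": "setApprovalForAll", "operator": operator, "token_id": None,
            "grants": value == 1}

def review_tx(tx, position_contracts, trusted_operators):
    """Return 'ok', 'revoke' or 'block' for a transaction awaiting signature."""
    if tx["to"].lower() not in position_contracts:
        return "ok"                               # not a watched NFT contract
    call = decode_approval(tx["data"])
    if call is None:
        return "ok"                               # not an approval call
    if not call["grants"]:
        return "revoke"                           # removes access, never grants it
    return "ok" if call["operator"] in trusted_operators else "block"

def build_call(selector, address, value):
    """Build sample calldata for the constructed transactions below."""
    return "0x" + (selector + bytes(12) + bytes.fromhex(address[2:])
                   + value.to_bytes(32, "big")).hex()

# Constructed placeholder addresses, not real contracts or accounts.
POSITION_NFT, UNKNOWN_OPERATOR, TRUSTED_OPERATOR = ("0x" + b * 20 for b in ("11", "22", "33"))

if __name__ == "__main__":
    pending = {"to": POSITION_NFT, "data": build_call(SET_APPROVAL_FOR_ALL, UNKNOWN_OPERATOR, 1)}
    print(review_tx(pending, {POSITION_NFT}, {TRUSTED_OPERATOR}))
```

The `approve` selector is shared with ERC-20 tokens, so the check only applies it to contracts listed in `position_contracts`.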
Changpeng Zhao said he had been in touch with the Uniswap team and confirmed that the protocol is safe.
Connected with the @uniswap team. The protocol is safe.
The attack looks like it is from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. 🙏 pic.twitter.com/FIXebz3iBC
— CZ 🔶 Binance (@cz_binance) July 11, 2022
Some users noted that you should not post unverified claims on Twitter, “especially if you have millions of followers.”
If you think you found an exploit, submit a bug bounty or reach out to the core dev team directly
Don’t just tweet unverified claims, especially if you have millions of followers, it’s quite irresponsible, even if they’re your competition
Context: https://t.co/UYT1ISCf25
— ChainLinkGod.eth (@ChainLinkGod) July 11, 2022
Earlier, in 2020, specialists discovered a fake Uniswap app that stole cryptocurrency from users.