Phishing Attack Hits Uniswap - More than $4.5 Million Stolen

"A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ether (ETH). However, the community is reporting the losses could be even greater" [Ng, F. More than $4.7M stolen in Uniswap fake token phishing attack. (Accessed July 12, 2022)].

Binance CEO Changpeng Zhao (CZ) was the first to report a possible exploit. CZ tweeted:

[Image: screenshot of CZ's tweet]

Following this initial report of an exploit, the incident was quickly identified as a phishing attack instead. "The team at Uniswap was quick to respond and found that there was no issue with the protocol security. Instead, it was a phishing attack that led to the theft of the Uniswap V3 protocol. While being in touch with the Binance CEO, Uniswap said: 'We scan public blockchains regularly as part of our threat intel. And this set of transactions on Uniswap V3 Positions today fired off alarms. It looks like via Web 2 phishing attacks'" [Akolkar, B. Uniswap confirms a phishing attack on the exchange, denies threat to protocol security. (Accessed July 12, 2022)].

Later, CZ confirmed that the Uniswap protocol was good and Uniswap developer Hayden Adams cautioned:

This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.


"It appears the victim is part of a much wider attack that targeted roughly 73,399 addresses by sending a malicious token — acting under the false pretense as a UNI airdrop — in an attempt to get users to sign, according to MetaMask security analyst Harry Denley" [Sinclair, S. Uniswap LP Hit With Phishing Attack Totaling $3.5M in Ether. (Accessed July 12, 2022)].

Since the initial report, the dollar amount of the attack has risen. "Numerous sources are reporting that over 7,500 ETH was stolen" [Nambiampurath, R. Uniswap Users Lose Over $8M Worth of Ethereum in Massive Phishing Attack. (Accessed July 12, 2022)].

"The incident clearly highlights the need for more awareness of phishing attacks. This is a popular way of theft targeting gullible investors. A large number of investors have fallen prey to it in the past... phishing attacks have been on a steep rise this year in 2022. During the second quarter of this year, there was a staggering 170 percent in phishing attacks in comparison to the previous quarter... Over $2 Billion has been lost in Q1 and Q2 alone, meaning that 2022 has already lost more to hacks and exploits than the entirety of 2021" [Akolkar, supra].

CZ’s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time high.

[Ng, supra].