"A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ether (ETH). However, the community is reporting the losses could be even greater" [Ng, F. More than $4.7M stolen in Uniswap fake token phishing attack. (Accessed July 12, 2022)].
Binance CEO Changpen Zhao was the first to report on a possible exploit. In this regard CZ tweeted:
Following this initial report on an exploit, the situation was quickly corrected to be a reported phishing attack. "The team at Uniswap was quick to respond and found that there was no issue with the protocol security. Instead, it was a phishing attack that led to the theft of the Uniswap V3 protocol. While being in touch with the Binance CEO, Uniswap said: 'We scan public blockchains regularly as part of our threat intel. And this set of transactions on Uniswap V3 Positions today fired off alarms. It looks like via Web 2 phishing attacks" [Akolkar, B. Uniswap confirms a phishing attack on the exchange, denies threat to protocol security. (Accessed July 12, 2022).
Later, CZ confirmed that the Uniswap protocol was good and Uniswap developer Hayden Adams cautioned:
This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.
"It appears the victim is part of a much wider attack that targeted roughly 73,399 addresses by sending a malicious token — acting under the false pretense as a UNI airdrop — in an attempt to get users to sign, according to MetaMask security analyst Harry Denley" [Sinclair, S. Uniswap LP Hit With Phishing Attack Totaling $3.5M in Ether. (Accessed July 12, 2022).
Since the initial report, the dollar amount of the attack has risen. "Numerous sources are reporting that over 7,500 ETH was stolen" [Nambiampurath, R. Uniswap Users Lose Over $8M Worth of Ethereum in Massive Phishing Attack. (Accessed July 12, 2022)].
"The incident clearly highlights the need for more awareness of phishing attacks. This is a popular way of theft targeting gullible investors. A large number of investors have called prey to it in the past... phishing attacks have been on a steep rise this year in 2022. During the second quarter of this year, there was a staggering 170 percent in phishing attacks in comparison to the previous quarter... Over $2 Billion has been lost in Q1 and Q2 alone, meaning that 2022 has already lost more to hacks and exploits than the entirety of 2021" [Akolkar, supra].
CZ’s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time-high.