- Users were duped into believing that they would receive free UNI tokens from the deal.
- It is estimated that over 7500 ETH was stolen by the attackers through malicious approved transactions.
- The stolen funds were then laundered through the mixing service, Tornado Cash.
Uniswap users lose over $8 million worth of Ethereum after a massive phishing attack on the crypto platform.
The users were deceived into believing that they would receive free UNI tokens from the deal.
Over 7500 ETH is estimated to have been stolen by the attackers through malicious approved transactions.
The users experienced a phishing attack that used the Uniswap V3 protocol and was duped into accepting the malicious transactions on the platform.
How the Uniswap phishing attack happened
Binance CEO, Changpeng Zhao, reported through a tweet on July 12, that the exchange had detected a potential exploit on Uniswap V3. The stolen funds were then laundered through the mixing service, Tornado Cash.
The security researcher from MetaMask, Harry Denley confirmed that 73,399 addresses were sent a malicious token on July 11. The users were given the impression that they would be rewarded with free Uniswap tokens.
Through Uniswap’s creator, Hayden Adams tweet, the malicious attack involved phishing and had nothing to do with the Uniswap protocol. He also further urged users to be cautious of any phishing attempts.
Adams also assured the Uniswap community that the smart contract had been counterchecked and all systems were working properly. The platform stated that they scan the public blockchains regularly as part of their security threat intel.
The phishing attack resulted in some LP NFTs being taken from individuals who approved malicious transactions.
The victims of the attack received a malicious token called UniswapLP and were directed to a website where they could swap the malicious token for the UNI.
The attackers would then acquire sensitive information from users. They would then use the information to empty funds from the digital wallets through the redirected website. The total estimated losses stand at $8.1 million though the figure is expected to be much higher as more information pops up.
Malicious attacks craze in the crypto world
The phishing method of theft continues to be a popular way for scammers to target unsuspecting users in the crypto market. Recently, the crypto world has experienced an array of malicious attacks and loss of crypto holdings.
One of the latest phishing attacks involved the American Actor and Comedian Seth Green. The actor lost four NFTs worth more than $300,000. Crypto data aggregator sites such as Dextool, CoinGecko and Etherscan have also been targets of cyber-attacks.
Companies have set up awareness campaigns to warn their users following Yam Finance’s attempted attack. MetaMask issued a warning saying that Apple users were at risk of phishing attacks.
Just recently, Cyble, had identified a new strain of crypto-malware making rounds on YouTube. The cyber company caught the Pennywise malware on their radar in May and has been tracking YouTube since then.
OpenSea platform also reassured its users of is boosting its security features after an attack on the NFT marketplace.
Yam finance
