More than $4.7M stolen in Uniswap fake token phishing attack


A classy phishing marketing campaign focusing on liquidity suppliers (LPs) of the Uniswap v3 protocol has seen attackers make off with a minimum of $4.7 million price of Ether (ETH). Nonetheless, the group is reporting the losses could possibly be even higher. 

MetaMask safety researcher Harry Denley was one of many first to boost the alarm bells of the assault, telling his 13,000 Twitter followers on Monday that 73,399 addresses had been despatched malicious ERC-20 tokens to steal their property.

A minimum of $4.7 million in ETH has been misplaced within the assault, according to a Twitter put up from Binance CEO Changpeng “CZ” Zhao. Nonetheless, there are additionally studies among the many crypto group that there could also be extra vital losses from the incursion.

Distinguished Crypto Twitter person 0xSisyphus famous on Monday {that a} “giant LP” with round 16,140 ETH, price $17.5 million, might have additionally been phished.

The way it works

In accordance with Denley, the phishing assault works by sending unsuspecting customers a “malicious token” referred to as “UniswapLP” — made to seem as coming from the official “Uniswap V3: Positions NFT” contract by manipulating the “From” discipline within the blockchain transaction explorer.

Customers inquisitive about their new tokens can be directed to an internet site purporting to permit them to swap their new tokens for Uniswap (UNI), price $5.34 every on the time of writing.

The web site would as a substitute ship the customers’ tackle and browser consumer information to the attackers’ command middle, which might additionally try to empty cryptocurrency from their wallets.

A Reddit put up additionally explaining the assault noted that the attackers had stolen native tokens corresponding to Ether, ERC-20 tokens and nonfungible tokens (NFTs) (particularly Uniswap LP positions) from victims.

Not an exploit

Binance’s CEO Zhao created some waves within the crypto markets when he first sounded alarms in regards to the assault, calling it a “potential exploit” of the Uniswap protocol on the Ethereum blockchain.

Associated: Finance Redefined: Uniswap goes in opposition to the bearish developments, overtakes Ethereum

Zhao clarified quickly after the put up with one other replace, sharing a dialog with the Uniswap staff, who famous the assault was a part of a phishing assault moderately than any situation with the protocol.

CZ’s preliminary alarming feedback coincided with a pointy drop within the Uniswap worth, which fell to a 24-hour low of $5.34. The worth of UNI has since recovered following the clarification to $5.48 on the time of writing however continues to be down 11% in 24 hours and is 87.8% down from its all-time-high.

Source link

You might also like

Recommended For You

Next Post

Leave a Reply

Your email address will not be published.

Related News