Uniswap Users Lose More Than $8 Million Worth of ETH In the Latest Phishing Attack

13. Jul 2022 Posted by Akolkar B on News

Ethereum-based popular decentralized exchange Uniswap lost more than $8 million worth of Ether earlier today, July 12. As per security researchers, the attacker deployed an airdrop bait to trap users.

Binance CEO Changpeng Zhao was among the first to report the incident. However, Zhao first though that there was a protocol security exploit by the hacker. However, the team at Uniswap was quick to confirm that the network protocol hasn’t been compromised but instead it was a pushing attack.

Uniswap inventor Hayden Adams wrote: “This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links”.

MetaMask analysts Harry Denley made a detailed analysis of the entire event. He said: “As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s”.

The hackers first diverted the victims to an malicious token UniswapLP. Later, they directed them to a website which stated that users can swap their LP tokens against Uniswap’s native token UNI. Just as the victims attempted the swap, the website would read sensitive information and steal funds from the wallet.

This incident shows that there’s more awareness required among crypto investors to spot phishing attacks. Such way of theft has been very popular in the crypto space.

Over the last year, phishing attacks have been on a steep rise this year, especially in the rapidly emerging Web 3 space. Ethereum-based NFT marketplace OpenSea has faced multiple such attacks that have exploited personally-identifying information (PII) of customers.

CertiK, a crypto firm focused on DeFi security said that the pushing attacks increased by more than 170% during the last quarter. A majority of the phasing attacks have been happening through social media platforms.

So far this year in 2022, hackers have stole more than $2 billion by targeting projects in the Web 3 space. The report from CertiK notes: What’s frustrating about these hacks from a web3 security perspective, is that the hackers are deploying the tried and tested tricks of web2 that exploit centralization and human error as a starting point, and are using this to make lateral moves to exploit web3 in turn.”