A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has witnessed attackers walk-off clear with at least $4.7 million worth of Ether (ETH). Regardless, the community is reporting the losses could be even bigger.
MetaMask security researcher Harry Denley was one of the first to raise the warning bells of the attack, on Monday the researcher conveyed that 73,399 addresses had been sent malicious ERC-20 tokens to swipe their assets.
As per Binance’s CEO “CZ”, $4.7 million in ETH has been lost in the attack. However, there are also reports among the crypto community that there may be more considerable losses from the attack.
Major Crypto Twitter user 0xSisyphus wrote on Monday that a “large LP” with around 16,140 ETH, worth $17.5 million, may also have been phished.
Fake Token Phishing scheme: How does it work?
According to Denley, the phishing attack works by transmitting unsuspecting users a “malicious token” dubbed “UniswapLP” created to appear as coming from the legitimate “Uniswap V3: Positions NFT” contract by exploiting the “From” field in the blockchain transaction explorer.
Users interested in their new tokens would be led to a website that will allow them to swap their latest tokens for Uniswap (UNI), worth about $5.56 each at the time of writing.
The website would rather send the users’ address and browser client info to the attackers’ command center, which would also try to drain cryptocurrency from their wallets.
A Reddit post also explaining the attack remarked that the attackers had stolen native tokens such as Ether, ERC-20 tokens, and NFTs i.e. namely Uniswap LP positions from victims.
Uniswap incident is Not an exploit Binance CEO apology
Binance’s CEO Zhao formed a hype around the crypto markets when he first sounded alarms about the attack, dubbing it a “potential exploit” of the Uniswap protocol on the Ethereum blockchain.
Zhao clarified soon after the post with another update, sharing a conversation with the Uniswap team, who reported the attack was part of a phishing attack and not any issue with the protocol.
CZ’s initial alarming remarks overlapped with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since rebounded following the clarification to $5.62 at the time of writing though is still down 11% in 24 hours and is 87.8% down from its all-time high.
Hungry for more information?
NFT Calendar from NFTHi
Join us on Telegram!
NFTHI does not recommend any kind of Investment in NFTs or NFT trading. All the strategies are merely educational references.
Conduct thorough research before you start with NFT trading.