More than $8m was lost in a phishing attack on Uniswap which resulted in some LP NFTs being drained from users that approved malicious transactions as we can see more today in our latest cryptocurrency news.
The hacker targeted the liquidity providers of the Uniswap v3 Protocol and executed a phishing campaign. More than $8M in ETH is supposedly lost so far in the attack. Metamask analyst Harry Denley was the first to detect the incident and observed that 73,399 addresses were sent with a token dubbed UniswapLP to target their assets under the pretext of fake UNI tokens airdrop. The malicious token sent to the victims seemed to have come from a legitimate Uniswap V3: Positions NFT contract by manipulating the From field in the transaction explorer. The website hosted by the bad actors will read sensitive user information and steal funds.
The entity behind this attack is believed to be a part of a sophisticated attack that targeted 73,399 addresses by sending malicious tokens. The founder of Binance Changpeng Zhao speculated that $4.7 million worth of ETH was stolen in the attack but the crypto tracking platform MistTrack revealed the number of funds standing at 7500 ETH. Uniswap Lab’s creator confirmed that the hacker managed to impersonate the website and deceive the LP provider into signing these transactions but the protocol hasn’t been exploited yet.
Web3- style attacks and phishing attacks continue to be the preferred choice of attack on the market and the web 3 space. The slew of phishing websites that impersonated STEPN was detected in April and also OpenSea reported a data breach that affected the personally identifying information of the customers subscribed to the mailing list which is why they warned customers of potential phishing attempts. According to the reports by DeFi security platform CertiK, phishing attacks increased by 170% since last quarter and underscored that the social media platforms emerged as the main point for Web3 projects while Q2 recorded 290 attacks compared to the 106 in Q1 in 2022:
“What’s frustrating about these hacks from a web3 security perspective, is that the hackers are deploying the tried and tested tricks of web2 that exploit centralization and human error as a starting point, and are using this to make lateral moves to exploit web3 in turn.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post