The hacker targeted the liquidity providers of the Uniswap v3 protocol to execute an elaborate phishing campaign. More than $8 million in ETH was believed to бе lost so far in the attack.
Uniswap v3 Protocol LPs Targeted
Metamask security analyst Harry Denley was the first one to detect the incident. He observed that 73,399 addresses were sent a malicious token called “UniswapLP” to target their assets under the pretext of a false UNI tokens airdrop.
The malicious token sent to the victims appeared to come from a legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field in the blockchain transaction explorer. The website hosted by bad actors would then read sensitive user information and steal funds from their wallets.
The entity behind the attack is believed to be part of a much more sophisticated attack that had targeted roughly 73,399 addresses by sending a malicious token.
According to speculation that nearly $4.7 million worth of Ether had been drained in the attack. However, crypto tracking and compliance platform MistTrack revealed the amount of stolen funds stands at 7,500 ETH (around $8.1 million), which was then laundered via crypto mixing service Tornado Cash in a total of 100 transactions.
Uniswap Labs’ creator confirmed that the hacker managed to impersonate the official website and deceive the LP provider into signing malicious transactions. The protocol, however, hasn’t been exploited.
Phishing Attacks on the Rise
Web2-style attacks such as phishing campaigns continue to wreak havoc in the Web3 landscape. A slew of phishing websites impersonating Stepn, a Solana-based Web3 lifestyle app, was detected in April. More recently, OpenSea reported a data breach that affected the personally-identifying information (PII) of customers subscribed to its mailing list. It warned customers of potential phishing attempts.
According to a new report by a prominent blockchain and DeFi security-focused platform, CertiK, phishing attacks have increased by 170% since last quarter. It also underscored that social media platforms have emerged as a major pain point for Web3 projects. Throughout Q2, CertiK recorded 290 attacks compared to 106 in Q1 of 2022.
“What’s frustrating about these hacks from a web3 security perspective, is that the hackers are deploying the tried and tested tricks of web2 that exploit centralization and human error as a starting point, and are using this to make lateral moves to exploit web3 in turn.”
Over $8 Million Lost in a Uniswap Phishing Attack
CryptoPotato发布于2022-07-12更新于2022-07-12
文章摘要
The phishing attack resulted in some LP NFTs being siphoned from users who approved malicious transactions, the Uniswap founder, Hayden Adams confirmed.
你可能也喜欢
交易
现货
合约
热门文章
如何购买UNI
欢迎来到HTX.com!我们已经让购买Uniswap(UNI)变得简单而便捷。跟随我们的逐步指南,放心开始您的加密货币之旅。第一步:创建您的HTX账户使用您的电子邮件、手机号码注册一个免费账户在HTX上。体验无忧的注册过程并解锁所有平台功能。立即注册第二步:前往买币页面,选择您的支付方式信用卡/借记卡购买:使用您的Visa或Mastercard即时购买Uniswap(UNI)。余额购买:使用您HTX账户余额中的资金进行无缝交易。第三方购买:探索诸如Google Pay或Apple Pay等流行支付方法以增加便利性。C2C购买:在HTX平台上直接与其他用户交易。HTX场外交易台(OTC)购买:为大量交易者提供个性化服务和竞争性汇率。第三步:存储您的Uniswap(UNI)购买完您的Uniswap(UNI)后,将其存储在您的HTX账户钱包中。您也可以通过区块链转账将其发送到其他地方或者用于交易其他加密货币。第四步:交易Uniswap(UNI)在HTX的现货市场轻松交易Uniswap(UNI)。访问您的账户,选择您的交易对,执行您的交易,并实时监控。HTX为初学者和经验丰富的交易者提供了友好的用户体验。
1.0k人学过发布于 2024.03.29更新于 2025.03.21
相关讨论
