$4.7 Million Stolen from Uniswap Liquidity Pool

Hacken Ecosystem

Binance CEO CZ reported that Uniswap V3 on the Ethereum blockchain had suffered a potential exploit. The hacker stole 4295 ETH and laundered it through Tornado Cash, a non-custodial privacy solution for the Ethereum network. Luckily, this loss turned out to be the result of a sophisticated phishing attack targeted at LPs (protocol liquidity providers) rather than a vulnerability in the protocol itself, as was initially suspected.

Harry Denley, a security analyst from MetaMask, was the first to warn about the attack. He posted a tweet informing his followers that malicious ERC-20 tokens, falsely presented as UNI airdrops, had been sent to over 73,000 addresses.

Uniswap V3 liquidity positions are represented as NFTs. Someone holding Uniswap V3 liquidity positions approved malicious transactions and fell victim to the phishing. As a result, some LP NFTs were transferred to the attacker’s wallet. The attacker also tried to phish well-known figures such as Vitalik Buterin, Justin Sun, 0xSifu, and others.

The goal of the threat actors was to trick users into granting them full access to their wallets after luring them to uniswaplp[.]com, which impersonated the official domain of the popular decentralized crypto trading protocol.

Before taking part in any promotional events, users of digital assets need to make sure that the offer isn’t fake by looking for the related info on the platform’s official website and social media pages. The domain name of the website should be checked as well to prevent bad actors from taking control of transactions.
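The domain check recommended above can be automated. The following is an added example, not code from Uniswap or from this article: it parses a link, compares the hostname with an allowlist, and flags lookalikes. `ALLOWED_HOSTS`, `BRAND` and the function names are assumptions made for illustration.

```javascript
// Added example. ALLOWED_HOSTS and BRAND are assumptions, not values from the article.
const ALLOWED_HOSTS = new Set(["uniswap.org", "app.uniswap.org"]);
const BRAND = "uniswap";

// Undo the "defanged" notation used in threat reports (hxxp://, [.]).
function refang(s) {
  return s.trim().replace(/^hxxp/i, "http").replace(/\[\.\]/g, ".");
}

// Levenshtein distance, used to catch spellings one or two edits from the brand.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns { verdict: "official" | "suspicious" | "unknown" | "invalid", host, reason }.
function classifyLink(input) {
  let host;
  try {
    const text = refang(input);
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
    // Parse the URL so that "official.org@other.example" resolves to the real host.
    host = new URL(hasScheme ? text : "https://" + text).hostname.replace(/\.$/, "");
  } catch {
    return { verdict: "invalid", host: null, reason: "not a URL" };
  }
  // Exact hostname match only: substring or prefix matching is what lookalikes exploit.
  if (ALLOWED_HOSTS.has(host)) return { verdict: "official", host, reason: "allowlisted" };
  for (const label of host.split(".").slice(0, -1)) { // every label except the TLD
    if (label.startsWith("xn--")) return { verdict: "suspicious", host, reason: "punycode label" };
    if (label.includes(BRAND)) return { verdict: "suspicious", host, reason: "brand in unofficial host" };
    if (editDistance(label, BRAND) <= 2) return { verdict: "suspicious", host, reason: "near-miss spelling" };
  }
  return { verdict: "unknown", host, reason: "not allowlisted" };
}
```

Only an `official` verdict means the host matched the allowlist exactly; `unknown` still means the link does not belong to the platform.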

Even though the Uniswap V3 protocol appears to be secure, since it wasn’t compromised, $UNI’s price went down anyway. A number of crypto users criticize CZ for spreading panic without first verifying the details and asking the team privately about the attack. Zhao’s public statements brought about this price decrease, but he seemed to be protecting the users of Uniswap.
In the meantime, some community members claim that the amount of losses is likely to be underreported by CZ.
