Over $4.7M Stolen in Uniswap Fake Token Phishing Attack
Categories: Crypto News US
Over $4.7M Stolen in Uniswap Fake Token Phishing Attack
A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers with at least $4.7 million worth of Ethereum (ETH). However, the community is reporting that the damage could be even greater. Metamask security researcher Harry Denly was one of the first to raise the alarm bells of the attack, telling his 13,000 Twitter followers on July 11 that malicious ERC-20 tokens were sent to 73,399 addresses to steal their assets.
According to a Twitter post by Binance CEO Changpeng “CZ” Zhao, at least $4.7 million in ETH was lost in the attack. However, there are also reports among the crypto community that intrusions can cause more significant damage. Prominent crypto Twitter user 0xSisyphus noted on July 11 that a “large LP” with approximately 16,140 ETH, valued at $17.5 million, could also be phished.
A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers with at least $4.7 million worth of Ethereum (ETH). However, the community is reporting that the damage could be even greater.
Metamask security researcher Harry Denly was one of the first to raise the alarm bells of the attack, telling his 13,000 Twitter followers on July 11 that malicious ERC-20 tokens were sent to 73,399 addresses to steal their assets.According to Denley, the phishing attack works by sending a "malicious token" called "unisWAPLP" to unsuspecting users — a valid "uniswap v2: status" by manipulating the "from" field in the Blockchain Transaction Explorer.
Nft" contract Users curious about their new tokens will be directed to a website to allow them to swap their new tokens for Uniswap's native token UNI, which is each priced at $5.34 at the time of writing. Instead the website will send the user's address and browser client information to the attackers' command center, which will also attempt to extract the cryptocurrency from their wallet.
The Reddit post explained the attack, also stating that the attackers stole native tokens (ETH), ERC20 tokens and NFTs (namely Uniswap LP status) from the victims.