Sunday 7 August 2022
Home / Aave / More than $4.7M stolen in Uniswap fake token phishing attack

More than $4.7M stolen in Uniswap fake token phishing attack

A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ether (ETH). However, the community is reporting the losses could be even greater.

MetaMask security researcher Harry Denley was one of the first to raise the alarm bells of the attack, telling his 13,000 Twitter followers on Monday that 73,399 addresses had been sent malicious ERC-20 tokens to steal their assets.

At least $4.7 million in ETH has been lost in the attack, according to a Twitter post from Binance CEO Changpeng “CZ” Zhao. However, there are also reports among the crypto community that there may be more significant losses from the incursion.

Prominent Crypto Twitter user 0xSisyphus noted on Monday that a “large LP” with around 16,140 ETH, worth $17.5 million, may have also been phished.

How it works

According to Denley, the phishing attack works by sending unsuspecting users a “malicious token” called “UniswapLP” — made to appear as coming from the legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field in the blockchain transaction explorer.

Users curious about their new tokens would be directed to a website purporting to allow them to swap their new tokens for Uniswap (UNI), worth $5.34 each at the time of writing.

The website would instead send the users’ address and browser client info to the attackers’ command center, which would also attempt to drain cryptocurrency from their wallets.

A Reddit post also explaining the attack noted that the attackers had stolen native tokens such as Ether, ERC-20 tokens and nonfungible tokens (NFTs) (namely Uniswap LP positions) from victims.

Not an exploit

Binance’s CEO Zhao created some waves in the crypto markets when he first sounded alarms about the attack, calling it a “potential exploit” of the Uniswap protocol on the Ethereum blockchain.

Related: Finance Redefined: Uniswap goes against the bearish trends, overtakes Ethereum

Zhao clarified soon after the post with another update, sharing a conversation with the Uniswap team, who noted the attack was part of a phishing attack rather than any issue with the protocol.

CZ’s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time-high.

About Sean Patterson

Check Also

Latest Report Shows Cryptojacking Increased By 30% During The Crypto Slump

The crypto industry is fraught with different malicious actors preying on unsuspecting users, especially the cryptojacking attackers. Many hacks and exploits occur in the industry, targeting crypto firms and individual investors. According to data, crypto scams and exploits in 2022 amounted to $10.3 million from January to June. This shows that the industry is not safe to operate without caution. Apart from exploiting exchanges and networks, cybercriminals also target individuals through cryptojacking. This targeted attack on someone’s computer resources to mine crypto without permission. In cryptojacking, the lousy actor will infect the computer with mining malware through the target’s loopholes in extensions and browsers. This tactic might seem unpopular, but recent reports have shown that it increased by 30% in 2022, even with the failing crypto market. Cryptocurrency market trends upwards on the day chart | Source: Crypto Total Market Cap on This report emerged from SonicWall mid-year cyber threat update. According to the cyber-security company’s report, the volume of these exploits increased by $66.7 million compared to its figure in the first half of 2021. Factors Increasing Crypto Scams According to the company report, one of the factors that contributed to the increase in cryptojacking was the Log4j vulnerability. This flaw was discovered in December 2021, affecting a Java-based logging utility in Apache’s open source library. With this vulnerability, hackers can quickly access a system remotely and attack their targets. Another factor leading to this increase is that cryptojacking is easier to perpetrate. This method of attack is not risky compared to ransomware in that the victim must be involved so he can pay the ransom. In cryptojacking, the target will never know that the network or computer is under attack. Cryptojacking And The Financial Sector From this data, it’s evident that everyone operating in the financial sector is at risk. People are more aware of ransomware attacks and have devised means to prevent them or decrypt their files. Also, cryptojacking wasn’t that common in the financial sector. But now, criminals have changed their targets from other sectors. A recent report shows that finance and retail are at risk of this trend. The finance sector recorded a 269% increase, while retail saw a 63% increase in cryptojacking. This figure shows that attackers are targeting the finance sector more than retail. Cyber-security researchers claim cyptojacking was intense in quarter one of 2022 when crypto prices were standard. The activities only began to drop after the crypto market crashed. As the sector lost massively, the targeted profits plummeted, causing the hackers to reduce their operations. But judging by past trends, the researchers revealed that the volume of cryptojacking in Q3 will reduce but increase by quarter four. Featured image from Pixabay, chart from

Leave a Reply

Your email address will not be published. Required fields are marked *