9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
Changpeng Zhao, head of the Binance bitcoin exchange, said that site researchers have discovered a potential vulnerability in the third version of Uniswap (v3). However, it was later
Changpeng Zhao, head of the Binance bitcoin exchange, said that site researchers have discovered a potential vulnerability in the third version of Uniswap (v3). However, it was later revealed that this was not a protocol vulnerability, but a phishing attack against the user.
Our threat intelligence has detected a potential exploit in Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far and they are being laundered via Tornado Cash. can someone let me know @unisswap? We can help you. Thank youhttps://t.co/OV3g7ayf77
— CZ 🔶 Binance (@cz_binance) 11 July 2022
Zhao’s message stated that the attacker pulled 4295 ETH ($4.6 million at the time of writing) from the protocol and sent it to the Tornado Cash mixer.
PeckShield stated that there was an attack on a liquidity provider (LP).
Here is the confirmation tx. So it’s not an exploit @unisswap. Instead of someone holding UniswapV3 Liquidity Positions, they were phished to confirm their position. @cz_binance https://t.co/atwbLoh7J5 https://t.co/LwQQDZZHTs
— Peck Shield Inc. (@peckshield) 11 July 2022
One of the first to report the phishing campaign was security expert Harry Denley. He noted that attackers sent malicious tokens from Uniswap to more than 70,000 addresses under the guise of an airdrop.
⚠️ As of block 151,223.32, there are 73,399 addresses that have been sent a malicious token to target their assets. $UNI airdrop by LPs
Event started ~2 H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00cinformation: @unisswap @eterscan pic.twitter.com/5W51AikFuV
— harry.eth 🦊💙 (whg.eth) (@sniko_) 11 July 2022
Victims interested in received tokens are redirected to a scam site. Later, hackers steal the funds.
The number of users affected and the total amount of damage are still unknown.
Hayden Adams, creator of the Uniswap protocol, has confirmed that this is a phishing campaign. He advised not to click on potentially malicious links.
This was a phishing attack that resulted in the receipt of some LP NFTs from people confirming malicious transactions.
completely separate from the protocol
A good reminder to protect yourself against phishing and not to click on malicious links https://t.co/aj3Zh8UKqF
— hayden.eth 🦄 (@haydenzadams) 11 July 2022
Changpeng Zhao said he contacted the Uniswap team and confirmed that the protocol is secure.
associated with @unisswap set. The protocol is secure.
The attack looks like a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Do not click on links. 🙏 pic.twitter.com/FIXebz3iBC
— CZ 🔶 Binance (@cz_binance) 11 July 2022
Some users pointed out that it’s not a good idea to post unconfirmed claims on Twitter “especially if you have millions of followers”.
If you think you’ve found an exploit, submit a bug bounty or reach out to the core development team directly.
Don’t just tweet unverified claims, especially if you have millions of followers, this is pretty irresponsible even if they are your competitor.
Context:https://t.co/UYT1ISCf25
— ChainLinkGod.eth (@ChainLinkGod) 11 July 2022
Recall that in 2020 experts discovered a fake Uniswap app that was stealing cryptocurrencies from users.
Learn more about Uniswap at ForkLog cards.
Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.
Source: Fork Log
I’m Sandra Torres, a passionate journalist and content creator. My specialty lies in covering the latest gadgets, trends and tech news for Div Bracket. With over 5 years of experience as a professional writer, I have built up an impressive portfolio of published works that showcase my expertise in this field.
