BTC 5.48%
$66,262.79
ETH 7.07%
$2,639.86
SOL 6.48%
$157.17
PEPE 12.95%
$0.000010
SHIB 6.82%
$0.000018
BNB 3.17%
$589.84
DOGE 5.37%
$0.11
XRP 3.00%
$0.54
Pepe Unchained ($PEPU)
The Hottest Presale

Uniswap Users Fall Victim to a USD 8M NFT Phishing Attack, Binance Pulls False Alarm

Binance Changpeng Zhao Crime Security Uniswap
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews
Source: iStock/Hailshadow

 

Users of Uniswap (UNI), the largest decentralized exchange (DEX) operating on the Ethereum (ETH) blockchain, have fallen victim to a sophisticated phishing attack, reportedly losing over USD 8.1m worth of assets. Meanwhile, Binance CEO Changpeng Zhao (CZ) falsely alarmed about the incident, claiming that the protocol itself was exploited. 

The phishing attack attempted to rob users of their assets under the false impression of a UNI airdrop, according to Metamask security analyst Harry Denley. He claimed that at least 73,399 addresses have been sent a malicious token to target their assets. 

https://www.twitter.com/sniko_/status/1546535673661997058

The hacker is said to have executed the phishing campaign on a major Uniswap V3 liquidity pool (LP). They seemingly sent a malicious token to addresses acting under the false pretense of a UNI airdrop in an attempt to get users to sign the transaction. 

“First, the malicious contract pollutes the event data so that block explorers index the “From” as the legitimate “Uniswap V3: Positions NFT” contract,” Denley detailed, noting that when a user sees that “Uniswap V3: Positions NFT” sent them a token, they would get curious and check the token.

The token name directs users to a domain that imitates the real Uniswap branding. The website then executes a function that tries to steal the users’ assets. 

https://www.twitter.com/peckshield/status/1546702728982069248/photo/1

According to on-chain data of the address identified as the attacker, a total of ETH 7,500 (USD 8.1m) has been laundered through crypto mixing service Tornado Cash. The address currently holds just ETH 70. 

Binance CEO CZ initially falsely alarmed about the incident, saying that the protocol itself was exploited. “Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain,” he said in a tweet. 

However, CZ later confirmed that the protocol is safe and the attack was a phishing attempt. 

“A phishing attack that resulted in some liquidity pool NFTs being taken from individuals who approved malicious transactions,” Uniswap founder Hayden Adams said. “Totally separate from the protocol.”

Meanwhile, some in the crypto community slammed CZ for tweeting about the issue without verifying it first, claiming that with an audience of 6.6m followers on Twitter he should be more careful about spreading panic. 

“Stupid as f*ck to tweet this out instead of asking the team privately even if it *was* an exploit,” said FatMan, a pseudonymous Terra community researcher. “The fact that it has nothing to do with the contract (and the Binance team didn’t bother checking this) makes it so much worse.”


At 06:42 UTC, UNI is the second-worst performer among the top 100 cryptoassets by market capitalization today. It dropped 7% in a day, nearing USD 5.5. It’s still up almost 6% in a week. 
____
Learn more: 
NFT Giant OpenSea Shares 5 Safety Recommendations as Users’ Emails Leaked
Crypto Exchange That Hosted a Scammer’s Wallet Is ‘Not Liable’ For Victim’s Losses, Court Rules

NFT Self Defense: Staying Safe in Web3
Crypto Sector World’s 3rd Industry in Phishing Attacks Growth – Report

More Articles

DeFi News
UAE Approves In-Principle License to First AED Stablecoin Issuer
Hassan Shittu
Hassan Shittu
2024-10-14 20:49:42
Industry Talk
Shiba Inu Price Analysis: Shytoshi Kusama Teases “Back to the Future” Collaboration – Will It Drive SHIB to New Highs?
Joel Frank
Joel Frank
2024-10-14 20:22:21