Hackers Steal $8M In Ethereum In The Latest Uniswap Phishing Attack

Hackers steal $8M in ETH in the latest phishing attack on Uniswap after they gained access to the LPs via a malicious airdrop contract so let’s have a closer look at today’s cryptocurrency news.

A phishing scam offering a fraudulent airdrop managed to rob Uniswap users of $8 million in funds and the scam promised a free airdrop of 400 UNI Tokens that were worth $2200 so the users were asked to connect their wallets and sign the transaction to claim the airdrop. Before connection, the hacker grabbed the user funds via a malicious smart contract. More than 74,000 wallets have interacted with the scam smart contract as per the data on Etherscan. The hacker even deployed the smart contract on July 11.

The code wasn’t verified for the smart contract that was deployed on Etherscan which is something that most projects which are actually legitimate do. After deployment, for collecting these airdropped tokens, the hacker tricked the users into signing transactions but this transaction served as an approval one and gave the hacker access to the Uniswap LP tokens that were held by the user.

When the user adds liquidity to Uniswap, they can receive LP Tokens in return as a representation of the liquidity positons and these tokens can be transferred like other NFTs. Through an approval transaction, the third party can spend funds on behalf of the user. After gaining access from other transactions, the hackers steal $8M by being able to transfer the LP Tokens to his wallet and withdrew the liquditiy from Uniswap. The hacker gained 7500 ETH from the exploit as the Uniswap creator Hayden Adams added:

“This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol.”

A former engineer at Metamask, Harry Denly added:

“As of block 151,223,32, there have been 73,399 addresses that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LPs.”

Hours after Denly’s tweet, Binance CEO Changpeng Zhao expressed his opinion on the issue and alleged that the DEX protocol was exploited. Later after the clarifications from the team, he confirmed that it was indeed a phishing scam:

“This seems like an incredibly irresponsible thing to tweet, it was a phishing campaign, not an exploit of Uniswap v3 code.”

However, another user tweeted after Zhao’s tweet:

“Let’s agree to disagree. I personally think when you have an audience of [6 million] people you should not go around spreading panic without verifying your story first.”