Uniswap users fall victim to a USD 8M NFT phishing attack, Binance raises false alarm
Users of Uniswap (UNI), the largest decentralized exchange (DEX) operating on the Ethereum (ETH) blockchain, have fallen victim to a sophisticated phishing attack, allegedly losing over $8.1 million in assets. Meanwhile, Binance CEO Changpeng Zhao (CZ) raised a false alarm about the incident and claimed that the protocol itself was being exploited.
The phishing attack attempted to steal users' assets under the false pretense of a UNI airdrop, according to MetaMask security analyst Harry Denley. He claimed that at least 73,399 addresses had been sent a malicious token to target their assets.
The hacker is said to have carried out the phishing campaign on a large Uniswap V3 liquidity pool (LP). They apparently sent a malicious token to addresses under the false pretense of a UNI airdrop in an attempt to get users to sign a transaction.
“First, the malicious contract pollutes the event data so that block investigators index ‘From’ as the legitimate ‘Uniswap V3: Positions NFT’ contract,” Denley said, noting that when a user sees that “Uniswap V3: Positions NFT” has sent them a token, they would be curious and check the token.
The token name directs users to a domain that mimics the true Uniswap brand. The site then performs a function that attempts to steal users’ assets.
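The two signals described above (a "From" field naming a labelled contract that took no part in the transaction, and a token name carrying a domain) can be checked mechanically. The following is an added example, not code from Denley, MetaMask or Uniswap; the addresses, the decoded-log field names and the `review_transfer` helper are hypothetical, and it assumes the caller already has the list of contracts called in the transaction from a trace.

```python
import re

# Constructed placeholder addresses, not real contracts.
POSITIONS_NFT = "0x" + "a1" * 20   # stands in for the labelled legitimate contract
FAKE_TOKEN = "0x" + "b2" * 20
REAL_TOKEN = "0x" + "c3" * 20
LABELLED = {POSITIONS_NFT: "Uniswap V3: Positions NFT"}

# Anything shaped like a hostname inside a token name, e.g. "claim.example".
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def review_transfer(log):
    """Return the reasons a decoded Transfer log looks like a spoofed airdrop."""
    reasons = []
    claimed = log["from"].lower()
    touched = {addr.lower() for addr in log["tx_call_targets"]}
    # 'from' is just an event argument chosen by the emitting contract. A real
    # transfer out of a contract requires that contract to run in the transaction.
    if claimed in LABELLED and claimed not in touched:
        reasons.append("from-address never executed in this transaction")
    if DOMAIN_RE.search(log["token_name"]):
        reasons.append("token name contains a domain")
    return reasons

# Constructed sample logs (hypothetical field names, already decoded).
SPOOFED = {"emitter": FAKE_TOKEN, "from": POSITIONS_NFT,
           "token_name": "UniswapLP (claim at airdrop-claim.example)",
           "tx_call_targets": [FAKE_TOKEN]}
GENUINE = {"emitter": REAL_TOKEN, "from": POSITIONS_NFT,
           "token_name": "Example Token",
           "tx_call_targets": [POSITIONS_NFT, REAL_TOKEN]}

if __name__ == "__main__":
    for name, log in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, review_transfer(log))
```

An explorer or wallet applying the first check would not attribute the spoofed token to the labelled contract, because the emitting contract alone decides what its event arguments say.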
According to on-chain data for the address identified as the attacker, a total of 7,500 ETH ($8.1 million) has been laundered through crypto-mixing service Tornado Cash. The address currently holds only 70 ETH.
Binance chief CZ initially raised a false alarm about the incident and said that the protocol itself was exploited. “Our threat information detected a potential exploit on Uniswap V3 on the ETH blockchain,” he said in a tweet.
However, CZ later confirmed that the protocol was secure and the attack was a phishing attempt.
“A phishing attack that resulted in some liquidity pool NFTs being taken from people who approved malicious transactions,” Uniswap founder Hayden Adams said. “Completely separate from the protocol.”
Meanwhile, some in the crypto community criticized CZ for tweeting about the problem without confirming it first, arguing that someone with an audience of 6.6 million followers on Twitter should be more careful about spreading panic.
“Stupid to tweet this instead of asking the team privately, even if it *was* an exploitation,” said FatMan, a pseudonymous Terra social scientist. “The fact that it has nothing to do with the contract (and the Binance team did not bother to check this) makes it so much worse.”
At 06:42 UTC, UNI is the second worst performer among the top 100 cryptocurrencies by market value today. It fell 7% in one day, approaching $5.5. It is still up almost 6% in one week.