$8M Taken in Uniswap Phishing Attack

Hackers stole more than 7,500 Ethereum

On Monday, 11 July, a phishing scam offering a fake airdrop extracted nearly $8 million in funds from users of the popular DeFi platform Uniswap. The scam promised people an airdrop of 400 UNI tokens worth around $2,000. However, when users connected a wallet to receive the drop, they unknowingly signed an approval that allowed the hacker to drain funds held in LP tokens.

It was not Uniswap’s fault. This was a phishing scam, not an error on Uniswap’s behalf or a protocol safety issue. Instead, the error lies with the users who signed a malicious transaction request under the false impression of a UNI airdrop. It highlights that as long as human greed exists, bad actors will always have a role in the industry.

Hacks and exploits have claimed more than $1 billion in funds this year as security and smart contract vulnerabilities are being continually tested by bad actors. This latest incident only highlights the need for more user protection and a deeper understanding by users of the risks involved in using blockchain wallets and crypto. 

Users who add liquidity to Uniswap receive Liquidity Provider (LP) tokens representing liquidity positions on the platform. These tokens are transferable and use the ERC-721 token standard. Most NFT projects use the same standard, and LP tokens are NFTs representing a position in a liquidity pool. 

What happened?

According to Etherscan, on July 11, a bad actor deployed a smart contract that was not verified – something long-standing projects like Uniswap wouldn’t do. After deploying the contract, the hacker went after Uniswap users with Liquidity Provider (LP) tokens in their wallets.

The attacker tricked them into signing a transaction in their wallet, which they believed would allow them to collect 400 UNI tokens.

Instead, the transaction was for approval to spend funds, giving the hacker access to all the Uniswap LP tokens held by a user. 

According to data from Etherscan, at the time of writing, just under 74,000 wallets had interacted with the malicious smart contract, which has now drained 7,500 ETH, or about $8 million. The approval transaction allowed the hacker wallet to spend funds on behalf of the user.

After gaining access through the approval transaction, the hacker transferred all the LP tokens to their wallet and withdrew all the liquidity from Uniswap, making off with more than 7,573 Ethereum, according to analytics info from Etherscan.
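The approval step described above can be recognised in a transaction's calldata before it is signed. The following is an added example, not code from the article, Uniswap or any wallet: the article does not name the function that was called, so the check covers both approval functions that ERC-721 defines, and the sample calldata, operator address and `trusted` allowlist are constructed for illustration.

```python
# Added example: flag approval-type calls in raw calldata before signing.
# A selector is the first 4 bytes of keccak256(function signature).
APPROVALS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
}
ZERO = "0x" + "00" * 20


def _word(data, index):
    """Return the index-th 32-byte ABI argument word after the selector."""
    word = data[4 + 32 * index: 36 + 32 * index]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return word


def inspect_calldata(calldata_hex, trusted=()):
    """Classify calldata; `trusted` is the caller's own allowlist (assumption)."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    signature = APPROVALS.get(data[:4].hex())
    if signature is None:
        return {"call": "other", "risk": "none"}
    first, second = _word(data, 0), _word(data, 1)
    if any(first[:12]):
        raise ValueError("malformed address argument")
    grantee = "0x" + first[12:].hex()
    value = int.from_bytes(second, "big")
    if signature.startswith("setApprovalForAll"):
        grants = value != 0        # bool argument: true grants, false revokes
        scope = "every token of this contract held by the signer"
    else:
        # Calldata alone cannot tell an ERC-20 amount from an ERC-721 token
        # id, so only approve(address(0), ...) is treated as a revocation.
        grants = grantee != ZERO
        scope = "one token id, or an ERC-20 allowance of %d" % value
    if not grants:
        risk = "none"
    elif grantee in {a.lower() for a in trusted}:
        risk = "review"
    else:
        risk = "high"              # unknown address gains control of assets
    return {"call": signature, "grantee": grantee, "scope": scope, "risk": risk}


# Constructed sample: setApprovalForAll(0x1111...1111, true)
SAMPLE_OPERATOR = "0x" + "11" * 20
SAMPLE = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"
```

A request presented as "claim an airdrop" that decodes to a high-risk approval for an unknown address is the mismatch that victims of this scam signed.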

FUD is dangerous

Fear, uncertainty, and doubt (often shortened to FUD) is a propaganda tactic used in sales, marketing, public relations, politics, polling, and more. FUD is generally a strategy to influence perception by spreading negative, suspicious, or false information, and it is a form of the appeal to fear.

Many initially and wrongly blamed Uniswap for the exploit. Despite numerous media clarifications, the price of UNI plummeted more than 10% in the immediate aftermath. This shows the effect of news and speculation on leading protocols in the crypto space and, moreover, the importance of accurate media reporting and understanding.

Source: CoinGecko

Stay safe in Crypto

The first thing to say is that greed gets the better of most humans, especially when it comes to money. Crypto natives are seemingly quick to chase rewards and not so quick to research. Moreover, a quick look at Uniswap’s social media, a message on their Telegram, etc., would have let those affected check the airdrop offer in advance.

The crypto space is still in its early stages of development. This is a tremendously exciting time to start with blockchain technology, as the opportunities are close to boundless. However, staying safe and protecting your identity and investments on the blockchain are key to your personal success in the space. 

To learn more about staying safe in crypto and when interacting with the blockchain, check out our DappRadar guide to not getting REKT and our essential guide to staying safe in crypto.
