A group of hackers has been found to have carried out a phishing campaign that impersonates the Uniswap V3 liquidity pool (LP) and steals at least $4.7 million worth of Ethereum (ETH). However, the community is reporting losses that could be even greater.
Harry Denley, a security researcher at Metamask, was among the first to raise the alarm for an attack. It told his 13,000 Twitter followers on July 11 that 73,399 addresses had sent malicious ERC-20 tokens to steal their assets.
As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth
(whg.eth) (@sniko_) July 11, 2022
ETH Lost At Least $4.7 Million In Attacks, According TopostTwitter from Binance CEO Changpeng “CZ” Zhao, however, has been reported among the crypto community that there may be more losses from the intrusion.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ
Binance (@cz_binance) July 11, 2022
Crypto Twitter user 0xSisyphus noted on July 11 that a “large LP” of approximately 16,140 ETH worth $17.5 million was also subject to phishing.
According to Denley, phishing attacks work by sending A “dangerous token” called “UniswapLP” is given to users, which appears to be derived from the correct “Uniswap V3: Positions NFT”.
deceived user They are taken to a website that claims to allow them to exchange new tokens for Uniswap legacy tokens.value$5.34 each at time of writing
Instead, the website sends the user’s address and browser client information to the attacker. Instead, they try to steal cryptocurrency from their wallets.
Please be aware that there is currently a Phishing scam happening that targets Uniswap V3 LP’s.
It does not look like a Uniswap protocol hack.
No matter what, if you get tokens airdropped to your wallet of ynknown origin – DON’T Interact with them!!!
— Mel
(@belikewater893) July 11, 2022
A phishing attack that impersonates Uniswap V3 and has stolen at least $4.7 million in ETH appeared first on Bitcoin Addict.