
The hacker targeted the liquidity providers of the Uniswap v3 protocol to execute an elaborate phishing campaign. More than $8 million in ETH was believed to be lost so far in the attack.
Uniswap v3 protocol LPs targeted
MetaMask security analyst Harry Denley was the first to detect the incident. He observed that 73,399 addresses received a malicious token called “UniswapLP”, sent to target their assets under the guise of an airdrop of fake UNI tokens.
The malicious token sent to the victims was made to appear to come from the legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field shown in the blockchain transaction explorer. The website hosted by the bad actors would then read sensitive user information and steal funds from the victims' wallets.
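A defender-side check for the spoofed “From” field described above, added here as an illustration and not code from Uniswap, MetaMask or the original article. It assumes the explorer's “From” is taken from the token's Transfer event, whose arguments the emitting contract sets freely; all addresses, the allowlists and the sample logs are constructed placeholders.

```python
# keccak256("Transfer(address,address,uint256)"): the standard Transfer event id
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real contracts (assumption for this example).
TRUSTED_SENDER = "0x" + "11" * 20   # stands in for the legitimate positions contract
KNOWN_TOKEN = "0x" + "22" * 20      # a token contract the wallet already trusts
UNKNOWN_TOKEN = "0x" + "33" * 20    # freshly deployed airdrop token
VICTIM = "0x" + "44" * 20

def pad(addr):
    """Encode an address as a 32-byte indexed event topic."""
    return "0x" + "00" * 12 + addr[2:]

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def spoofed_transfers(logs, trusted_senders, known_tokens):
    """Return Transfer logs that name a trusted address as sender but were
    emitted by a token contract outside the allowlist."""
    findings = []
    for log in logs:
        topics = [t.lower() for t in log["topics"]]
        if len(topics) < 3 or topics[0] != TRANSFER_TOPIC:
            continue  # not a Transfer(from, to, ...) event
        emitter = log["address"].lower()
        claimed_from = topic_to_address(topics[1])
        # "from" is only an event argument: the emitting contract can put any
        # address there, so only the emitter identifies who produced the log.
        if claimed_from in trusted_senders and emitter not in known_tokens:
            findings.append({"token": emitter, "claimed_from": claimed_from,
                             "to": topic_to_address(topics[2])})
    return findings

# Constructed sample logs in the shape of eth_getTransactionReceipt output.
SAMPLE_LOGS = [
    {"address": UNKNOWN_TOKEN, "topics": [TRANSFER_TOPIC, pad(TRUSTED_SENDER), pad(VICTIM)]},
    {"address": KNOWN_TOKEN, "topics": [TRANSFER_TOPIC, pad(TRUSTED_SENDER), pad(VICTIM)]},
    {"address": UNKNOWN_TOKEN, "topics": ["0x" + "ab" * 32, pad(TRUSTED_SENDER), pad(VICTIM)]},
]

if __name__ == "__main__":
    for hit in spoofed_transfers(SAMPLE_LOGS, {TRUSTED_SENDER}, {KNOWN_TOKEN}):
        print("suspicious airdrop:", hit)
```

Only the first sample log is flagged: it names the trusted contract as sender, yet the log was emitted by a token contract that is not on the allowlist.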
The entity behind the attack is believed to be part of a much more sophisticated campaign that targeted approximately 73,399 addresses by sending them a malicious token.
Binance CEO Changpeng “CZ” Zhao speculated that nearly $4.7 million worth of Ether had been drained in the attack. However, crypto tracking and compliance platform MistTrack revealed the amount of stolen funds stands at 7,500 ETH (around $8.1 million), which was then laundered via crypto mixing service Tornado Cash in a total of 100 transactions.
The creator of Uniswap Labs confirmed that the hacker managed to impersonate the official website and trick liquidity providers into signing malicious transactions. The protocol itself, however, was not exploited.
Phishing Attacks on the Rise
Web2-style attacks such as phishing campaigns continue to wreak havoc in the Web3 landscape. A slew of phishing websites impersonating Stepn, a Solana-based Web3 lifestyle app, was detected in April. More recently, OpenSea reported a data breach that affected the personally-identifying information (PII) of customers subscribed to its mailing list. It warned customers of potential phishing attempts.
According to a new report from CertiK, a leading platform focused on blockchain and DeFi security, phishing attacks have increased by 170% since the last quarter. The report also pointed out that social media platforms have become a major problem for Web3 projects. Throughout the second quarter, CertiK recorded 290 attacks compared to 106 in the first quarter of 2022.
“What’s frustrating about these hacks from a web3 security perspective, is that the hackers are deploying the tried and tested tricks of web2 that exploit centralization and human error as a starting point, and are using this to make lateral moves to exploit web3 in turn.”