An elaborate phishing attack has siphoned $8 million in cryptocurrency from Uniswap users. They thought they were getting an airdrop. What happened?
Phishing: Uniswap users take the bait
The attack was described by Harry Denley, an analyst with MetaMask, who explains how the phishing took place and how Uniswap users were fooled. A “malicious token” was allegedly sent to liquidity providers (LPs), with the promise of an airdrop:
⚠️ As of block 151,223,32, there have been 73,399 addresses that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
– harry.eth (whg.eth) (@sniko_) July 11, 2022
Several techniques were used to make this fake airdrop appear legitimate. First, the attackers managed to get it indexed on block explorers such as Etherscan so that it appeared to come from a legitimate contract.
Second, the name of this malicious token pointed to a uniswaplp.com domain name, which itself mimicked the appearance of regular Uniswap communications. The funds were then stolen through this secondary site. In total, more than $8 million in ETH was allegedly sent to the Tornado Cash mixer to be laundered.
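A defender-side check for the lure described above, as an added example that is not part of the original article: it flags token names or symbols that embed a domain that is not on an allowlist, after folding fullwidth letters and zero-width characters. The allowlist, brand keywords, function names and sample metadata are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumptions for this example: the allowlist and brand keywords are maintained
# by whoever runs the check (wallet, explorer, monitoring job).
OFFICIAL_DOMAINS = {"uniswap.org"}
BRAND_KEYWORDS = ("uniswap",)

ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def normalize(text):
    """Fold compatibility forms (e.g. fullwidth letters) and drop zero-width characters."""
    return unicodedata.normalize("NFKC", text).translate(ZERO_WIDTH).casefold()

def registered_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def classify_token_metadata(name, symbol=""):
    """Return (host, verdict) for every domain embedded in a token's name or symbol."""
    results = []
    for field in (name, symbol):
        for host in DOMAIN_RE.findall(normalize(field)):
            if registered_domain(host) in OFFICIAL_DOMAINS:
                verdict = "official"
            elif any(k in host.replace("-", "") for k in BRAND_KEYWORDS):
                verdict = "brand-lookalike"
            else:
                verdict = "unlisted-domain"
            results.append((host, verdict))
    return results

def should_warn(name, symbol=""):
    """Warn on any embedded domain that is not on the allowlist."""
    return any(v != "official" for _, v in classify_token_metadata(name, symbol))

# Constructed sample metadata (not taken from chain data).
SAMPLES = [
    ("UniswapLP.com", "UniswapLP.com"),
    ("Uni\u200bswap-LP.com airdrop", "UNI"),
    ("Uniswap", "UNI"),
    ("Claim at example-rewards.io", "RWD"),
]

if __name__ == "__main__":
    for name, symbol in SAMPLES:
        print(repr(name), classify_token_metadata(name, symbol), should_warn(name, symbol))
```

NFKC folding does not map look-alike letters from other scripts (for example Cyrillic) to Latin, so a production check would add a confusables table on top of this.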
Changpeng Zhao sounds the alarm
Many people have reacted to this massive attack, including Binance's Changpeng Zhao. A little too quickly? The CEO of Binance announced that his teams had “detected a potential attack on Uniswap V3, on the ETH blockchain”. Then he corrected himself, saying that it was only a phishing attack, but a very effective one:
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. pic.twitter.com/FIXebz3iBC
– CZ Binance (@cz_binance) July 11, 2022
The lesson of this case is that one must always be extremely careful, even when the site seems legitimate. It cannot be repeated enough: clicking on unknown links is not a good idea, and using “cold” wallets is the best way to protect your cryptocurrencies.