More than $4.7M stolen in Uniswap phishing attack, using fake tokens

More than $4.7M stolen in Uniswap phishing attack, using fake tokens

At least $4.7 million in ETH has been phished from the Uniswap v3 protocol. The reason is a sophisticated phishing campaign targeting liquidity providers (LPs). However, the losses could be much higher.

Exploit or phishing?

Monday, July 11, proved to be a difficult day for users and developers of the Uniswap platform. As a result of the attack, huge amounts of money disappeared from the protocol. One of the first people to report the incident was Harry Denley, a MetaMask security researcher. Via Twitter, he informed:

“From block 151,223.32 a malicious token was sent to 73,399 addresses to target their resources, under the false impression of airdrop $UNI based on their LP.

Activity started ~2 hours ago.”

As a result of the hackers’ activities, a total of $4.7 million was defrauded, according to a preliminary assessment. However, another Twitter user with the nickname Crypto 0xSisyphus noted that a large liquidity provider with some 16,140 ETH, worth $17.5 million, may have also fallen victim to the attack.

An even more significant alarm was raised in turn by Binance CEO Changpeng Zhao. He informed his community that the Uniswap protocol may have experienced a “potential exploit.” After consulting with the Uniswap team, however, he quickly dismissed such a scenario, significantly reassuring the market.

Principles of phishing

Shortly thereafter, Harry Denley shared with his observers the principles on which the phishing attack was supposed to work. According to him, an unsuspecting user of the Uniswap v3 contract, received an airdrop called “UniswapLP.” It occurred by manipulating the “From” field in the blockchain transaction explorer. 

In further steps, curious users were directed to a website allowing them to exchange the received tokens for Uniswap (UNI). As a result, the website, instead of performing the transaction envisioned by its victim, sent the user’s address and browser client information to the attackers’ headquarters. Thus, a path was opened before the attackers to empty their victims’ wallets. 

Uniswap Labs’ response

The Uniswap Labs team swiftly sprang into action. In addition to the corrective information provided via CZ, details of the attack were provided the very next day. They confirmed the scenario presented by Denley.

Among the broad explanations, included sentences like this:

“Protect yourself from phishing by checking domain names. We primarily operate under the domain . Airdrops that direct you to unofficial domains are probably phishing attempts. We never make airdrops without informing you through official channels.”

The community was also warned that a similar attack could await any other protocol in the future. Therefore, extreme caution is advised.

As a result of the attack, UNI lost nearly 15% on its valuation in a short while.

Disclaimer: Blockbulletin does not take accountability of investments based on the information of the website. We highly advice readers to make extensive research prior to any invest

Share this article

More news

All articles loaded
No more articles to load


Cryptocurrency wallets

Cryptocurrency wallets

We talked about security when trading crypto assets in an article titled “Online security“. We also mentioned how important it…
hardware wallets

Cryptocurrency hardware wallets

From the article titled “Cryptocurrency wallets” you learned about the different types of wallets. They were briefly characterized there. Let’s…
Where to buy cryptocurrency brokers

Which cryptocurrency Brokers to use

In the article “Where to Buy Cryptocurrencies (Exchanges)“, we introduced you to which exchange platforms you can purchase cryptocurrencies on.…
Trading cryptocurrencies

Trading cryptocurrency

In the cryptocurrency market, you face many opportunities to invest in cryptocurrency or buy or sell cryptocurrency. If you want…
All articles loaded
No more articles to load


All articles loaded
No more articles to load

Latest news

All articles loaded
No more articles to load