June 7, 2023

Hackers attack Uniswap liquidity providers via fake airdrop

Hackers attack Uniswap liquidity providers via fake airdrop

The head of the Binance bitcoin exchange, Changpeng Zhao, said that site researchers have discovered a potential vulnerability in the third version of Uniswap (v3). However, later it turned out that this was a phishing attack on the user, and not a protocol vulnerability.

Zhao’s message stated that the attacker withdrew 4295 ETH ($4.6 million at the time of writing) from the protocol and sent them to the Tornado Cash mixer.

PeckShield stated that there was an attack on a liquidity provider (LP).

One of the first to report the phishing campaign was security specialist Harry Denley. He noted that the attackers sent malicious tokens under the guise of an airdrop from Uniswap to more than 70,000 addresses.

Victims interested in the received tokens are redirected to a fraudulent site. Subsequently, the hackers steal the funds.

The number of affected users and the total amount of damage are still unknown.

Hayden Adams, the creator of the Uniswap protocol, has confirmed that this is a phishing campaign. He advised not to click on links that could be malicious.

Changpeng Zhao said he contacted the Uniswap team and confirmed that the protocol was secure.

Some users pointed out that it's not a good idea to post unverified claims on Twitter, "especially if you have millions of followers."

Recall that in 2020, experts discovered a fake Uniswap application that was stealing cryptocurrency from users.

Read more about Uniswap in the ForkLog cards.

Read ForkLog bitcoin news in our Telegram - cryptocurrency news, courses and analytics.