Popular cryptocurrency exchange with a decentralized network protocol, Uniswap reportedly lost approximately $8 million worth of Ethereum in a recent advanced phishing attack. The cyberattack has compromised several digital assets of investors in the crypto exchange company.
Cybersecurity experts say that the threat actor has lured the victims to permit transactions of free UNI tokens to gain access to their wallets. The threat actor used “setApprovalForAll” function to assign or revoke full approval rights. Experts reported that almost 7,574 ETH wallets were targeted for gaining control and stealing Uniswap v3 LP tokens in wallets then moved 7,500 to the Tornado Cash service for money laundering.
The software company named Check Point’s security researchers say that the threat actors created and airdropped an ERC20 token to 73,399 users holding UNI tokens. Then the recipients were directed to a domain named “uniswaplp[.]com” impersonating as official Uniswap domain.
Then they appeared as “Uniswap V3: position NFT” to the users and tricked them to trust it to allow approval. Researchers reported that users who pressed the ‘Click here to claim” button for thinking it was a legitimate activity on Uniswap lost their assets.
Reportedly the cryptocurrency software wallet MetaMask has provided a warning with a list of domains used for performing phishing activity in Uniswap. Uniswap’s official Twitter account Uniswap Labs has also tweeted confirming the recent attack saying, “Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was and remains secure.”
1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was β and remains β secure. Hereβs what happened.π
— Uniswap Labs π¦ (@Uniswap) July 12, 2022
