Hackers extract more than USD $8 million from Uniswap user through phishing attack – DiarioBitcoin

Texas could raise funds through NFT and harness 'abundant' energy to mine Bitcoin

Hackers extract more than USD $8 million from Uniswap user through phishing attack - DiarioBitcoin By Hannah Perez

A Uniswap liquidity provider lost just over $8 million after falling for a phishing scam that promised an airdrop and pretended to be Uniswap.

***

  • Hackers steal several million dollars in ETH in phishing scam.
  • The attack targeted Uniswap’s liquidity providers.
  • A single wallet saw losses of more than $8 million.

Hackers are at it again in DeFi. This time, a malicious actor has stolen more than $8 million from ethereum (ETH) in a phishing attack targeting the liquidity providers of uniswap (UNI).

The incident occurred on Monday after the attacker sent a token malicious mimics token native to the decentralized exchange, UNI, to over 70,000 wallet addresses ethereum which had provided liquidity to uniswap. The security researcher Metamask, identified as “harry.eth” on Twitter, broke the news.

So far they have spent 8.5 ETH on tx fees [transacciones] to get to 74,800 addresses, they have 90.86 more ETH to spend“wrote the researcher in a tweet on Monday.

Losses of more than USD $8 million

According to reports, the scam phishing promised a air drop 400 free tokens UNI (worth approximately $2,200 USD), for which users were asked to connect their wallets and sign the transaction.

See also  LG and Apple have agreed for several million dollars

In accordance with CoinDesk, the air drop claimed to be targeting liquidity providers (LPs) based on the amount of tokens Fake LP they received. Liquidity providers supply their assets in uniswap in exchange for rewards.

Following the pattern of attacks phishingvictims were directed to a malicious website that mimicked the official interface of uniswap. However, when they advanced to claim the air drop, inadvertently granted the attacker access to their wallets. From there, the hacker proceeded to make transfers to empty their wallets.

Despite targeting a vast number of wallets, it appears that much of the stolen funds have come from a single address. The string datawhich were cited by CoinDesk, reveal that a user who was providing more than USD $8 million in bitcoin wrapped (WBTC) and USD Coin (USDC) to a liquidity pool of uniswap interacted with the scam.

After gaining control of that wallet, the attacker exited the user’s LP positions and began sending the coins to various addresses. The data show which then sent the funds to the privacy protocol TornadoCash. In accordance with Crypto Briefingthe hacker has laundered more than 7,500 ETH worth approximately $8.6 million.

Not the first phishing scam

The founder and CEO of BinanceChangpeng Zhao also warned about the attack a few hours later. Although pheap he claimed in a tweet that there was an exploit in the decentralized finance (DeFi) protocol UniswapV3later corrected information to explain that the attack was the result of a scam phishing.

The team of uniswap promptly responded to alert messages. This was a phishing attack that resulted in the taking of some LP NFTs from people who approved malicious transactions“, said the creator of uniswapHayden Adams, emphasizing that it was a hack “totally separate from the protocol”.

Although not directly affected, the token UNI recorded losses after the incident. At press time, the UNI price has fallen 6.4% to trade at USD $5.76; although it could well be part of a broader decline in the market.

See also  Ripple will stop operating in the US if the SEC wins the lawsuit in court, says CEO Brad Garlinhouse

The attacks phishing are common in the cryptocurrency space. In May, during the launch of the NFT series “other side“, of the popular Bored Ape Yacht Club (BAYC), scammers pulled a similar trick when searching Lure victims to malicious links that masquerade as the website of YugaLabs to steal your collectibles.


Recommended reading


Article by Hannah Estefanía Pérez / DailyBitcoin

Picture of Depositphotos

WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.

Leave a Comment

Your email address will not be published.