The hacker targeted the liquidity providers of the Uniswap v3 protocol to execute an elaborate phishing campaign. More than $8 million in ETH is believed to have been lost so far in the attack.
Uniswap v3 Protocol LPs Targeted
MetaMask security analyst Harry Denley was the first to detect the incident. He observed that 73,399 addresses were sent a malicious token called “UniswapLP”, which targeted their assets under the pretext of a fake UNI token airdrop.
The attacker made the malicious token appear to come from the legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field shown in the blockchain transaction explorer. The website hosted by the bad actors would then read sensitive user information and steal funds from the victims' wallets.
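A defender-side check for the spoofed “From” field described above, as an added example that is not from the original article. It assumes the field was forged through the token contract's own Transfer event log, uses constructed placeholder addresses and receipts, and is a heuristic: a flat receipt does not show internal calls.

```python
# keccak256("Transfer(address,address,uint256)"), the standard ERC-20/ERC-721 event signature
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real on-chain values
TRUSTED = "0x" + "aa" * 20      # stands in for the legitimate labelled contract
SENDER = "0x" + "bb" * 20       # account that actually signed the airdrop transaction
FAKE_TOKEN = "0x" + "cc" * 20   # contract that emitted the airdrop logs
REAL_TOKEN = "0x" + "dd" * 20   # a token the wallet already trusts
VICTIMS = ["0x" + f"e{i}" * 20 for i in (1, 2)]

def topic(addr):
    """Left-pad a 20-byte address to the 32-byte indexed-topic form."""
    return "0x" + "0" * 24 + addr[2:]

def transfer_log(emitter, src, dst):
    """Build a Transfer log entry as it appears in a transaction receipt."""
    return {"address": emitter, "topics": [TRANSFER_TOPIC, topic(src), topic(dst)]}

def spoofed_transfers(tx, labelled, known_tokens):
    """Return Transfer logs whose 'from' names a labelled address that neither sent
    nor received the transaction, emitted by a token outside the allowlist."""
    parties = {tx["from"].lower(), tx["to"].lower()}
    hits = []
    for log in tx["logs"]:
        t = log["topics"]
        if len(t) < 3 or t[0].lower() != TRANSFER_TOPIC:
            continue
        emitter = log["address"].lower()
        claimed_from = "0x" + t[1][-40:].lower()
        # The emitting contract chooses every field of its own event, so the
        # 'from' shown by an explorer is a claim, not proof of who sent anything.
        if (claimed_from in labelled and claimed_from not in parties
                and emitter not in known_tokens):
            hits.append({"token": emitter, "claimed_from": claimed_from,
                         "to": "0x" + t[2][-40:].lower()})
    return hits

# Constructed receipts: a spoofed airdrop and a genuine payout from the trusted contract
AIRDROP_TX = {"from": SENDER, "to": FAKE_TOKEN,
              "logs": [transfer_log(FAKE_TOKEN, TRUSTED, v) for v in VICTIMS]}
GENUINE_TX = {"from": VICTIMS[0], "to": TRUSTED,
              "logs": [transfer_log(REAL_TOKEN, TRUSTED, VICTIMS[0])]}

if __name__ == "__main__":
    for name, tx in (("airdrop", AIRDROP_TX), ("genuine", GENUINE_TX)):
        print(name, spoofed_transfers(tx, {TRUSTED}, {REAL_TOKEN}))
```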
The entity behind the attack is believed to be part of a much more sophisticated attack that had targeted roughly 73,399 addresses by sending a malicious token.
Binance CEO Changpeng “CZ” Zhao speculated that nearly $4.7 million worth of Ether had been drained in the attack. However, crypto tracking and compliance platform MistTrack revealed the amount of stolen funds stands at 7,500 ETH (around $8.1 million), which was then laundered via crypto mixing service Tornado Cash in a total of 100 transactions.
Uniswap Labs’ creator confirmed that the hacker managed to impersonate the official website and deceive liquidity providers into signing malicious transactions. The protocol itself, however, hasn’t been exploited.
Phishing Attacks on the Rise
Web2-style attacks such as phishing campaigns continue to wreak havoc in the Web3 landscape. A slew of phishing websites impersonating Stepn, a Solana-based Web3 lifestyle app, was detected in April. More recently, OpenSea reported a data breach that affected the personally-identifying information (PII) of customers subscribed to its mailing list. It warned customers of potential phishing attempts.
According to a new report by a prominent blockchain and DeFi security-focused platform, CertiK, phishing attacks have increased by 170% since last quarter. It also underscored that social media platforms have emerged as a major pain point for Web3 projects. Throughout Q2, CertiK recorded 290 attacks compared to 106 in Q1 of 2022.
“What’s frustrating about these hacks from a web3 security perspective, is that the hackers are deploying the tried and tested tricks of web2 that exploit centralization and human error as a starting point, and are using this to make lateral moves to exploit web3 in turn.”