- A hacker stole approximately $8.6 million in crypto assets on Monday in a targeted phishing attack on Uniswap liquidity providers.
- While the attacker targeted 7,399 Ethereum addresses, most of their haul seems to have come from a single victim.
- The attacker tricked victims into approving a malicious transaction by creating a fake UNI airdrop link on a website mimicking Uniswap.
Share this article
On-chain data indicates that most of the losses were incurred by a single Ethereum wallet providing liquidity to Uniswap.
Uniswap Liquidity Providers Phished for $8.6 Million
A hacker has stolen over $8.6 million worth of crypto assets from liquidity providers on the world’s largest decentralized exchange, Uniswap.
The incident occurred late Monday when an attacker sent a malicious token disguised as the exchange’s native governance token UNI to approximately 7,399 Ethereum addresses that had provided liquidity on Uniswap. Victims were directed to a malicious website that mimicked Uniswap’s official frontend. The phishing site instructed the victims to claim the malicious UNI tokens as a reward for providing liquidity on the exchange, but when the victims agreed to the claim, they inadvertently approved a transaction that granted the attacker access to their wallets. From there, the attacker could make token transfers to drain their wallets.
Despite targeting a considerable number of Uniswap liquidity providers, most of the attacker’s illicit haul seems to have come from a single victim. After gaining access to their wallet, the attacker stole the NFT representing the victim’s liquidity position in the wBTC/USDC liquidity pool on Uniswap V3, exited the position, and swapped the assets for ETH. The attacker then began laundering the funds through the privacy preservation protocol Tornado Cash. Based on on-chain data, the attacker has laundered over 7,500 ETH worth approximately $8.6 million at the time of the attack.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
— harry.eth 🦊💙 (whg.eth) (@sniko_) July 11, 2022
A MetaMask security researcher going under harry.eth on Twitter sounded the alarm on the incident late Monday. However, their warning went largely unnoticed until a few hours later Binance CEO Changpeng Zhao independently alerted of the same incident—first claiming that there was an exploit on the Uniswap V3 protocol itself, before rescinding his claim and confirming that the exploit was the result of a phishing attack.
Phishing attacks are common in the crypto industry. In a separate series of attacks, during Yuga Labs’ high-profile Otherside NFT drop in May, scammers pulled a similar trick by setting up and luring victims to malicious links posing as Yuga Labs’ website. They made off with over $3.7 million.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.