Binance CEO confirms $4.7 million phishing attack on Uniswap V3
- Binance’s CZ confirmed that Uniswap V3 was hit by a phishing attack where users lost over $4.7 million of Ethereum.
- MetaMask security researcher Harry Denley raised the alarm as a false impression of a UNI airdrop was created.
- Uniswap price has witnessed double-digit losses in response to the attack.
Uniswap V3 users suffered a $4.7 million fake token phishing attack. The phishing campaign targeted liquidity providers of the Uniswap v3 protocol, and nearly 73,399 addresses were sent malicious ERC-20 tokens to steal their assets.
Phishing attack targets liquidity providers of Uniswap V3 protocol
Changpeng Zhao, the CEO of Binance, told his 6.6 million Twitter followers that Binance’s threat intel detected a potential exploit on Uniswap V3 on the Ethereum blockchain. The hacker stole 4,295 ETH so far and laundered the funds through Tornado Cash.
CZ told crypto Twitter that Uniswap is a decentralized project with many users and a grandfather for DeFi, so the token was listed. Uniswap was one of the few tokens where Binance’s team had no direct contact information for founders or the project team.
CZ eventually contacted the Uniswap team and confirmed that the exploit looked like a phishing attack. Uniswap protocol is safe, according to CZ.
evidence that the phishing campaign targeted native coins Ethereum, Binance Coin and Uniswap LP positions. The attacker spent 8.5 ETH in transaction fees to reach 74,800 addresses and has another 90.86 ETH more. Attackers had a two-step approach:
- Send your address and browser client info to /66312712367123.com
- Attempts to steal assets
Users lost upwards of $4.7 million in the attack.
Uniswap price plummeted, posting 10% losses overnight as news of the attack spread on crypto Twitter.