THELOGICALINDIAN - Uniswap clamminess providers accept collapsed victim to a adult phishing advance accident about 86 actor account of crypto assets
On-chain abstracts indicates that best of the losses were incurred by a distinct Ethereum wallet accouterment clamminess to Uniswap.
Uniswap Liquidity Providers Phished for $8.6 Million
A hacker has baseborn over $8.6 actor account of crypto assets from clamminess providers on the world’s better decentralized exchange, Uniswap.
The adventure occurred backward Monday back an attacker beatific a malicious token bearded as the exchange’s built-in babyminding badge UNI to about 7,399 Ethereum addresses that had provided clamminess on Uniswap. Victims were directed to a awful website that mimicked Uniswap’s official frontend. The phishing armpit instructed the victims to affirmation the awful UNI tokens as a accolade for accouterment clamminess on the exchange, but back the victims agreed to the claim, they aback accustomed a transaction that accepted the antagonist admission to their wallets. From there, the antagonist could accomplish badge transfers to cesspool their wallets.
Despite targeting a ample cardinal of Uniswap clamminess providers, best of the attacker’s adulterous booty seems to accept appear from a distinct victim. After accepting admission to their wallet, the antagonist blanket the NFT apery the victim’s clamminess position in the wBTC/USDC clamminess basin on Uniswap V3, exited the position, and swapped the assets for ETH. The antagonist again began bed-making the funds through the aloofness canning agreement Tornado Cash. Based on on-chain data, the antagonist has apple-pie over 7,500 ETH account about $8.6 actor at the time of the attack.
A MetaMask aegis researcher activity beneath harry.eth on Twitter sounded the alarm on the adventure backward Monday. However, their admonishing went abundantly disregarded until a few hours after Binance CEO Changpeng Zhao apart alerted of the aforementioned incident—first claiming that there was an accomplishment on the Uniswap V3 agreement itself, afore abolishment his affirmation and acknowledging that the accomplishment was the aftereffect of a phishing attack.
Phishing attacks are accepted in the crypto industry. In a abstracted alternation of attacks, during Yuga Labs’ high-profile Otherside NFT bead in May, scammers pulled a agnate ambush by ambience up and adorable victims to awful links assuming as Yuga Labs’ website. They fabricated off with over $3.7 million.
Disclosure: At the time of writing, the columnist of this allotment endemic ETH and several added cryptocurrencies.
