The fraudulent airdrop offered 400 free UNI tokens worth approximately $ 2.000. Users were asked to link their cryptocurrency wallets to request the funds. However, thanks to the sophisticated phishing campaign, the attackers managed to steal over 7.500 ETH.
According to MetaMask security researcher Harry Denley, a malicious token disguised as an airdrop token was sent to approximately 73.399 wallet addresses linked to Uniswap.
The malicious smart contract code deployed on Etherscan has not been verified, which legitimate projects usually do. The information contained in the smart contract then led to a website purporting to allow users to exchange their new tokens with Uniswap, worth $ 5,34 each.
The message claimed to distribute UNI tokens to liquidity providers based on the number of fake LP tokens received.
The malicious UniswapLP token appeared to come from a legitimate “Uniswap V3: Positions NFT” contract by manipulating the “From” field in the blockchain's transaction explorer.
A liquidity provider is one who supplies their crypto assets to a platform to help decentralize trading. In return, it is rewarded with the commissions generated by transactions on the platform, which can be considered a form of passive income.
After distribution, the hacker tricked users into signing a transaction that gave them access to all Uniswap LP tokens held by the user. The phishing message, in fact, authorized the underlying smart contract to transfer the activities from the user's wallet and gain full control.
According to data from Etherscan, more than 74.000 wallets have interacted with the phishing scam's smart contract so far.
One person, who was providing over $ 8 million worth of wrapped Bitcoin (WBTC) and USD coins (quotation USDC) to a WBTC / USDC liquidity pool, unknowingly interacted with the phishing scam. The attacker then gained control of the portfolio, exited the LP positions and withdrew all liquidity from Uniswap.
Data from the blockchain also shows that the attacker began moving stolen funds through the Tornado Cash privacy protocol on Tuesday.
Cryptocurrencies have revolutionized the world of economics and investment, offering a decentralized alternative to traditional…
Milkomedia-C1 announced the integration of the DJed stablecoin network on its platform. Milkomeda C1, a…
Cryptocurrencies have gained immense popularity over the last decade, attracting investors from all over the world. However,…
The former cryptocurrency exchange FTX was based in the Bahamas. The island nation has not been…
As Shiba Inu adoption skyrockets, the memecoin and the entire Shiba ecosystem…
The adoption of digital currencies such as Bitcoin has continued to grow unabated. Many…