A sophisticated phishing effort was launched against Uniswap v3 protocol liquidity providers via a computer assault. So far, this hack has apparently cost over $8 million in ETH.
According to Metamask, 73,399 addresses have received a token dubbed “UniswapLP” that targets their assets while masquerading as a bogus UNI token airdrop.
By modifying the “From” field in the blockchain’s transaction explorer, the fraudulent token seemed to come from a valid “Uniswap V3: NFT Positions” contract. The criminal actors’ website would then read users’ private information and take money from their wallets.
The sum of stolen assets is expected to be 7,500 ETH (roughly $8.1 million), according to cryptocurrency tracking and compliance tool MistTrack, which was subsequently laundered through the cryptocurrency mixing service. Tornado Cash was used in 100 transactions.
The founder of Uniswap Labs revealed that the hackers were successful in impersonating the official site and duping the LP provider into signing fraudulent transactions. The protocol, however, was not used.
Crypto Users Are Becoming More Visible
Phishing assaults are still doing harm. In this regard, a number of phishing sites masquerading as StepN were discovered in April. Recently, OpenSea disclosed a data breach involving personally identifiable information (PII) of consumers on their mailing list. She forewarned her consumers about potential phishing attacks.
According to CertiK, a blockchain and DeFi security platform, phishing assaults have surged 170% from the previous quarter. According to the company, social networking sites have become a big source of frustration for Web3 initiatives. CertiK registered 290 assaults in the second quarter, compared to 106 in the first quarter of 2022.