Some individuals using Uniswap V3 have suffered a phishing attack. The attacker has stolen over 7,500 ETH, worth about $8.1 million.
Several users have lost ETH after experiencing a phishing attack using the Uniswap V3 protocol. Numerous sources are reporting that over 7,500 ETH was stolen. The incident has nothing to do with the Uniswap protocol itself, rather than the victims approved malicious transactions.
Uniswap under attack
Binance CEO Changpeng Zhao tweeted on July 12 highlighting that the exchange had detected a potential exploit on Uniswap V3, with the stolen funds being laundered through mixing service Tornado Cash.
Security researcher Harry Denley from MetaMask also noted that 73,399 addresses were sent a malicious token on July 11, with these users given the impression that they would be rewarded Uniswap tokens.
Uniswap creator Hayden Adams has confirmed that the attack involved phishing and had nothing to do with the protocol itself. He urged users to be wary of phishing attempts and take the necessary precautions. The smart contract has been checked, and it appears to be fine.
The victims were sent a malicious token called UniswapLP and were then sent to a website that stated that they could swap the malicious token for UNI. The website would then read sensitive information and steal funds from wallets. The total losses currently stand at $8.1 million, though that figure might be much higher as more information arrives.
The incident highlights the need for more awareness about phishing attacks. This method of theft continues to be a popular way to target unsuspecting individuals, and a number of prominent entities have been affected.
Phishing attacks plague NFT and DeFi market
There are multiple ways in which a bad actor carries out theft in the crypto market, but phishing has become one of the most popular methods. Unfortunately, in this case, the onus is largely on the user’s side to be careful — and many still click on malicious links thinking they are legitimate.
American actor and comedian Seth Green was one of the latest to experience a phishing attack, losing four NFTs worth more than $300,000. Crypto data aggregator websites have also been targets, including major platforms CoinGecko, Etherscan, and Dextool.
As such, companies in the space have worked to educate and inform parties to be careful. MetaMask issued a warning saying that Apple users were at risk of phishing attacks, while OpenSea’s CEO has had to reassure users after an attack on the NFT marketplace.