- A community of attackers drained crypto wallets of thousands in a phishing attack.
- The attack was executed by sending a large number of users malicious tokens.
- Users misunderstood these tokens to be sent by the legitimate “Uniswap V3: Positions NFT.”
What is This Phishing Attack About?
One more cryptocurrency fishing attack is in the headlines!
This above-mentioned phishing attack targeted the liquidity providers, commonly known as LPs of the Uniswap v3 protocol. According to sources, the attackers of this campaign have stolen Ethereum(ETH) worth a minimum amount of $4.7 million. This is just the on-records data. The losses can even be greater, according to the crypto community.
Harry Denley did a great job in spreading awareness regarding the field. He announced to his crypto community of 13,000 members on Twitter that thousands of addresses had become the prey to this phishing attack, 73,399 to be precise. The attackers sent malicious ERC-20 tokens to the users. These tokens were used to steal their assets. The tweet was posted on July 11 by the Metamask security researcher.
How Did it Happen?
Denly explained that the phishing attack was executed by sending many users ‘malicious tokens’. These tokens are called ‘UniswapLP.’ The crypto community started believing this was sent by the legitimate “Uniswap V3: Positions NFT”. This is possible as the phishing attack involved manipulating the “From” field in the Blockchain transaction explorer.
The part of the crypto community that got preyed by the phishing attack was redirected to a website that allowed the transactions between Uniswap’s native token UNI with the so-claimed newer token. UNI is worth $5.34 as of this writing. Instead, the browser redirected the user’s info to the command centers of hackers, who would then steal the currency from their wallets. That is when the phishing attack would begin. Many tokens and coins were stolen as a result of the phishing attack. These include ETH, ERC20 tokens, and NFTs.
Source: https://www.thecoinrepublic.com/2022/07/12/fake-uniswap-phishing-attack-shocked-the-crypto-community/