Yesterday, Binance founder and CEO Changpeng CZ Zhao revealed that there was a potential exploit on Uniswap V3 due to which 4,295 ETH were stolen.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ ? Binance (@cz_binance) July 11, 2022
4,295 ETH (Ethereum) corresponds to about $4.5 million, and would be laundered through Tornado Cash.
However, this would not be the result of an actual hack, or a bug, but a phishing campaign.
To be clear, this is not a Uniswap V3 exploit. Rather, it seems to have been a very successful phishing campaign https://t.co/S7vWZmT1uW
— samczsun (@samczsun) July 11, 2022
What is phishing?
Phishing is a technique adopted by some scammers who manage to convince users to give them their login credentials voluntarily, often posing as legitimate operators.
The most commonly used phishing technique is that of a fake site that faithfully replicates another in order to induce the unlucky parties to enter their login credentials believing it to be the legitimate website.
In this specific case, It would appear that Uniswap v3 protocol liquidity providers (LPs) were targeted. According to some community members, the losses may be greater than those highlighted by CZ.
One explanation was provided by MetaMask security researcher Harry Denley, who was already reporting on Monday that 73,399 addresses were sent a malicious token passed off as a UNI airdrop (Uniswap’s governance token).
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP’s
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth ?? (whg.eth) (@sniko_) July 11, 2022
Fake Uniswap V3
The malicious smart contract was pretending that the source of these tokens was “Uniswap V3: Positions NFT”, while the name of the token led back to the domain uniswaplp.com, which has nothing to do with Uniswap but pretended to be the DEX.
This website then required users to send their real tokens to the hackers’ address. On Monday, Denley pointed out that with this technique the hackers had already taken possession of ETH, ERC20 tokens and NFTs totaling $30,000.
It was later discovered that the address that created the fake NFTs contained more than 16,000 ETH, or more than $18 million.
did a large LP get phished?https://t.co/3n6oruM8Hj
the v3 NFTs in 0x09b5 all originated from this wallet which has 16k ETH ($18m) sitting in it
— Sisyphus (@0xSisyphus) July 11, 2022
CZ himself later had to rectify his first tweet and said that it was not an exploit, confirming the phishing attack hypothesis, admitting that the Uniswap V3 protocol is secure, and offering an apology.
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. ? pic.twitter.com/FIXebz3iBC
— CZ ? Binance (@cz_binance) July 11, 2022
Source: https://en.cryptonomist.ch/2022/07/13/4000-eth-stolen-uniswap-v3/