Uniswap Attack: Loses Over $8M of ETH

On 12th of July 2022, several users on uniswap reported losing their ETH in a phishing attack. In total, uniswap lost over $8 million worth of ETH, and while this attack has got nothing to do with the security of the protocol itself, this is a case where the users need to be extra vigilant. 

Let’s start by understanding what phishing attacks are, how they work, and the possible ways you can prevent yourself from being a victim.

What is Phishing?

Phishing is a term used to describe an attack where the hackers pose as a legitimate business, in order to steal sensitive information from its users. Email, Text messages or Telephone calls are some of the most common attack vectors.

Phishing attacks trace their way as far as 2004, where a teen from California created a copy of the website called “America Online” to steal user funds. One way to identify a phishing attack is by looking at its nature.

Phishing attacks often present users with “too good to be true” offers. However, with the airdrop style phishing attacks seen in DeFi, this has become especially hard to identify. One way to protect yourself

So What Went Wrong?

On Tuesday, Uniswap’s V3 liquidity pool (LP) suffered an exploit in which NFT positions worth approximately $8.1 million were illicitly acquired. 

Airdrop bait was used to trick users into sending their recovery phase and password. The pool provider was made to sign the transactions and the hackers stole over $8 million worth of funds.

The underlying smart contract pointed the users to a Uniswap look-alike website, with a message asking the user to claim their Airdrop UNI tokens from liquidity providers on the number of tokens they received.

However, this triggered the underlying smart contract which initiated the process of asset transfer, gaining full control of the user’s wallet.

Be Vigilant, And Beware, Follow Us To Learn More About The Attacks And Their Preventions