A liquidity provider on the Uniswap decentralised exchange has lost $8 million to a phishing attack.
An unknown hacker has stolen $8 million from the wallet of a liquidity provider of the Uniswap network.
According to the smart contract security firm PeckShield, the liquidity provider was the victim of a phishing tactic, which allowed the attacker to steal over 7,500 ETH tokens (around $8 million).
Before the attack, the hacker targeted the liquidity provider using a fake Uniswap airdrop token. The victim took the phishing bait and claimed the token. They interacted via a malicious smart contract which gave the hacker full control over the liquidity provider’s wallet.
At the time of the attack, the liquidity provider’s wallet was providing around $8 million to a WBTC/USDC liquidity pool on Uniswap version 3
After illegally gaining access to the wallet, the attacker proceeded to exit the user’s liquidity position, swapped the assets and moved them out. Furthermore, the hacker transferred the fund via Tornado Cash, a transaction mixer on the Ethereum network.
Changpeng Zhao, the CEO of Binance, was the first to bring the incident to the attention of the general public. He tweeted that there was a potential hack in the Uniswap protocol but later revealed that it was a phishing attack and not an attack on the network.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ 🔶 BNB (@cz_binance) July 11, 2022
Uniswap founder Hayden Adams also came out to comment that the phishing attack was separate from the protocol. He said;
“This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.”
This latest attack is a reminder to cryptocurrency investors to take the security of their assets very seriously. Investors and traders should take extra steps to ensure that their funds are safe from attackers.