Uniswap liquidity provider loses $8 million in a phishing attack

Uniswap liquidity provider loses $8 million in a phishing attack

By Hassan Maishera - min read

A liquidity provider on the Uniswap decentralised exchange has lost $8 million to a phishing attack.

An unknown hacker has stolen $8 million from the wallet of a liquidity provider of the Uniswap network.

According to the smart contract security firm PeckShield, the liquidity provider was the victim of a phishing tactic, which allowed the attacker to steal over 7,500 ETH tokens (around $8 million). 

Before the attack, the hacker targeted the liquidity provider using a fake Uniswap airdrop token. The victim took the phishing bait and claimed the token. They interacted via a malicious smart contract which gave the hacker full control over the liquidity provider’s wallet. 

At the time of the attack, the liquidity provider’s wallet was providing around $8 million to a WBTC/USDC liquidity pool on Uniswap version 3 

After illegally gaining access to the wallet, the attacker proceeded to exit the user’s liquidity position, swapped the assets and moved them out. Furthermore, the hacker transferred the fund via Tornado Cash, a transaction mixer on the Ethereum network.

Changpeng Zhao, the CEO of Binance, was the first to bring the incident to the attention of the general public. He tweeted that there was a potential hack in the Uniswap protocol but later revealed that it was a phishing attack and not an attack on the network. 

Uniswap founder Hayden Adams also came out to comment that the phishing attack was separate from the protocol. He said;

“This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. Totally separate from the protocol. A good reminder to protect yourself from phishing and not click on malicious links.”

This latest attack is a reminder to cryptocurrency investors to take the security of their assets very seriously. Investors and traders should take extra steps to ensure that their funds are safe from attackers.