Uniswap Protocol Not Hacked: ~$9M Stolen Using Fake “UniswapLP” Token

On Monday, Binance CEO Changpeng “CZ” Zhao, posted a tweet saying that at least $4.7 million worth of ETH has been stolen from a Uniswap liquidity provider’s wallet due to a potential protocol fault. However, the latest rumors suggest that the attack was actually the result of a fake token airdrop and that the total losses were much greater – around $9.1 million.

Hacker Scammed the Users Using a Fake Airdrop

According to a recent post on Reddit, the hacker sent users a malicious token dubbed “UniswapLP”, which looked almost identical to the actual “Uniswap V3: Positions NFT” contract. The victims were then directed to a website claiming they are able to swap their new tokens for Uniswap (UNI), for $5.34 each.

Users that took the bait connected their wallets, allowing the hacker to easily steal their crypto assets, which were laundered using the Tornado Cash protocol.

“So far, they have scammed (~$9.1million) from users, from native tokens (ETH), ERC20 tokens, and NFTs (namely, Uniswap LP positions), The stolen ETH is being laundered through Tornado Cash.”

Reddit post by /u/SurenRongyao

The post also said the attacker had snatched multiple native tokens from users’ wallets including ETH, ERC-20 tokens, as well as some nonfungible tokens (NFTs).

Join our Telegram group and never miss a breaking digital asset story.

Binance CEO First to Tweet About the Attack

Changpeng Zhao, Chief Executive Officer of Binance, was reportedly the first to warn about the attack, claiming 4295 ETH were stolen due to a “potential exploit” of Uniswap’s network protocol. However, CZ shortly updated the tweet, saying the funds were stolen because of a phishing attack.

“Connected with the @uniswap team. The protocol is safe,”

CZ tweeted.

Uniswap founder Hayden Adams also weighed in shortly afterward, saying the rip-off had nothing to do with Uniswap’s protocol, and that instead the funds were stolen following a successful phishing attack as users “approved malicious transactions.”

Crypto Phishing Attacks Trebled Over Last Year

A recent research report showed that the number of phishing attacks aimed at crypto users has more than trebled to 6.6% this year, and rose by 6.1% in the payments industry relative to 2021.

Data also shows that crypto represented just 2% of phishing attacks in 2021. This marks a sharp surge in the number of crypto phishing attempts over just one year, though the most targeted industries are still financial services, social media, as well as SaaS platforms, and webmail services.

Do you think phishing attacks are becoming a serious risk for crypto users? Let us know in the comments below.