How $8 Million Has Been Stolen From Uniswap Airdrop Phishing Attack Explained?
- 13 Jul, 2022
Scammers tricked two Uniswap users into handing over $1.8 billion in bitcoin in exchange for merely $2,000 in the native UNI currency. As of Monday, the exchange’s V3 liquidity providers (LPs) — crypto holders who supply the business with funds to conduct transactions — have been targeted by a phishing scam, reports CoinDesk. Some 75,000 people received scam tokens with intelligent contracts meant to drain their cryptocurrency wallets.
PeckShield, a blockchain analytics business, informed CNET that a wallet had lost $2,444 in ETH and $3,8 million in BTC. 834 ETH ($850,000), 39 BTC ($740,000) were paid up by another unfortunate trader. Stolen ETH worth $8 million has been transmitted to Tornado Cash, a cryptocurrency mixer.
Cybercriminals paid $8,700 on gas expenses to flood 7,481 LPs with bogus tokens that led to an exploitable URL, according to Metamask security expert Harry Denley.
To claim their airdrop, users had to go to the URL and click on the notification that said they would get one NFT token as a reward for participating inside the Uniswap liquidity pool.
Only 10,000 UNI were made available for the airdrop, even though the website said more than 70,000 individuals had been invited. Blockchain explorer has blocked hundreds of thousands more addresses after the release of Etherscan data purporting to indicate outbound payments of $400 UNI ($2,000).
The unsuspecting LP was requested to sign a’setApprovalForAll()’ contract by the fraudster when they clicked the link and claimed the tokens.
Fraudsters Have Corrupted Real Uniswap Airdrops
Changpeng Zhao, the CEO of Binance, quickly tweeted about the issue, hinting at a flaw in the Uniswap protocol as the source. Only after he apologised for inciting fear did he acknowledge being trigger-happy.
According to a tweet from blockchain security startup PeckShield on Tuesday, several high-profile cryptocurrency figures received bogus tokens. To others, this current scam may have taken its cue from earlier valid releases of Unswap currency from the company. V1 and V2 financial were given 49 billion UNI tokens in September 2020.
ApeCoin airdrop was hijacked by hackers who hijacked official social media profiles to publish a phishing link giving access.
A Surge in Phishing Assaults
Phishing operations and other Web2-style assaults are still causing havoc inside the Web3 world. In April, many phishing websites were imitating Stepn, a Solana, California-based Web3 lifestyle software. A data breach including consumers’ personal identifiable information (PII) on OpenSea’s mailing list was recently discovered. Customers were alerted about the possibility of phishing scams.
CertiK, a leading blockchain and DeFi safety platform, released data stating that phishing assaults have surged by 170 per cent during the past quarter. Web3 initiatives have a huge challenge in dealing with social media platforms. CertiK detected 290 assaults in Q2 of 2022, up from 106 during Q1 of that year.