{"id":473087,"date":"2022-07-12T07:59:09","date_gmt":"2022-07-12T04:59:09","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\/"},"modified":"2022-07-12T07:59:09","modified_gmt":"2022-07-12T04:59:09","slug":"more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\/","title":{"rendered":"# More than $4.7M stolen in Uniswap fake token phishing attack"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a4114be69ee7\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a4114be69ee7\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\/#%E2%80%9D_More_than_47M_stolen_in_Uniswap_fake_token_phishing_attack_%E2%80%9C\" >&#8221; More than $4.7M stolen in Uniswap fake token phishing attack &#8220;<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\/#How_it_works\" >How it works<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\/#Not_an_exploit\" >Not an exploit<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_More_than_47M_stolen_in_Uniswap_fake_token_phishing_attack_%E2%80%9C\"><\/span>&#8221; More than $4.7M stolen in Uniswap fake token phishing attack &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDcvZDkxOTc4M2YtMzQwNi00ZGMzLTlkMTQtNjQ2ODY2OGQyMzdhLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-2a0745c6>A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ethereum (ETH). However, the community is reporting the losses could be even greater.\u00a0<\/p>\n<p>Metamask security researcher Harry Denley was one of the first to raise the alarm bells of the attack, telling his 13,000 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> followers on July 11 that 73,399 addresses had been sent malicious ERC-20 tokens to steal their assets. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u26a0\ufe0f As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24UNI&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$UNI<\/a> airdrop based on their LP&#8217;s<\/p>\n<p>Activity started ~2H ago<br \/>0xcf39b7793512f03f2893c16459fd72e65d2ed00c<\/p>\n<p>cc: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@Uniswap<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/etherscan?ref_src=twsrc%5Etfw\">@etherscan<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5W51AikFuV\">pic.twitter.com\/5W51AikFuV<\/a><\/p>\n<p>\u2014 harry.eth  (whg.eth) (@sniko_) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/sniko_\/status\/1546535668247060481?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nAt least $4.7 million in ETH has been lost in the attack, according to a Twitter <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cz_binance\/status\/1546624143432433664\">post<\/a> from Binance CEO Changpeng \u201cCZ\u201d Zhao. However, there are also reports amongst the crypto community that there may be more significant losses from the incursion. <\/p>\n<p>Prominent crypto Twitter user 0xSisyphus noted on July 11 that a \u201clarge LP\u201d with around 16,140 ETH, worth $17.5 million, may have also been phished. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">did a large LP get phished?<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/3n6oruM8Hj\">https:\/\/t.co\/3n6oruM8Hj<\/a><\/p>\n<p>the v3 NFTs in 0x09b5 all originated from this wallet which has 16k ETH ($18m) sitting in it<\/p>\n<p>\u2014 Sisyphus (@0xSisyphus) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xSisyphus\/status\/1546626862562086916?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_it_works\"><\/span>How it works<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to Denley, the phishing attack works by sending unsuspecting users a \u201cmalicious token\u201d called \u201cUniswapLP\u201d \u2014 made to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ear as coming from the legitimate &#8220;Uniswap V3: Positions NFT&#8221; contract by manipulating the \u201cFrom\u201d field in the blockchain transaction explorer. <\/p>\n<p>Users curious about their new tokens would be directed to a website purporting to allow them to swap their new tokens for Uniswap\u2019s native token UNI, worth $5.34 each at the time of writing. <\/p>\n<p>The website would instead send the users\u2019 address and browser client info to the attackers\u2019 command center, which would also attempt to drain cryptocurrency from their wallets. <\/p>\n<p>A Reddit <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reddit.com\/r\/CryptoCurrency\/comments\/vx0ztk\/7500_eth_91_million_stolen_in_uniswap_phishing\/?utm_source=dlvr.it&amp;utm_medium=twitter\">post<\/a> also explaining the attack noted that the attackers had stolen native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) from victims. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Please be aware that there is currently a Phishing scam happening that targets Uniswap V3 LP\u2019s. <\/p>\n<p>It does not look like a Uniswap protocol hack. <\/p>\n<p>No matter what, if you get tokens airdropped to your wallet of ynknown origin &#8211; DON\u2019T Interact with them !!!<\/p>\n<p>\u2014 Mel  (@belikewater893) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/belikewater893\/status\/1546632962191818752?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Not_an_exploit\"><\/span>Not an exploit<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Binance\u2019s CEO Zhao created some waves in the crypto markets when he first sounded alarms about the attack, calling it a \u201cpotential exploit\u201d of the Uniswap protocol on the ETH blockchain.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Finance Redefined: Uniswap goes against the bearish trends, overtakes Ethereum<\/em><\/strong><\/p>\n<p>Zhao clarified soon after the post with another update, sharing a conversation with the Uniswap team, who noted the attack was part of a phishing attack rather than any issue with the protocol. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Connected with the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@uniswap<\/a> team. The protocol is safe. <\/p>\n<p>The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.<\/p>\n<p>Learn to protect yourself from phishing. Don&#8217;t click on links.  <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/FIXebz3iBC\">pic.twitter.com\/FIXebz3iBC<\/a><\/p>\n<p>\u2014 CZ  Binance (@cz_binance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cz_binance\/status\/1546631971626958848?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>CZ\u2019s initial alarming comments coincided with a sharp drop in the Uniswap price, which fell to a 24-hour low of $5.34. The price of UNI has since recovered following the clarification to $5.48 at the time of writing but is still down 11% in 24 hours and is 87.8% down from its all-time-high (ATH). <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"crypto_biz\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/more-than-4-7m-stolen-in-uniswap-fake-token-phishing-attack\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; More than $4.7M stolen in Uniswap fake token phishing attack &#8220; A sophisticated phishing campaign targeting liquidity providers (LPs) of the Uniswap v3 protocol has seen attackers make off with at least $4.7 million worth of Ethereum (ETH). However, the community is reporting the losses could be even greater.\u00a0 Metamask security researcher Harry Denley&#8230;<\/p>\n","protected":false},"author":1,"featured_media":473088,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDcvZDkxOTc4M2YtMzQwNi00ZGMzLTlkMTQtNjQ2ODY2OGQyMzdhLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,74892,88700,117,75134],"class_list":["post-473087","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-tokens","tag-uniswap","tag-business","tag-phishing"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=473087"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/473087\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/473088"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=473087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=473087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=473087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}