Binance CEO Changpeng Zhao (CZ) said in a Tweet that their intel unit identified an exploit on Uniswap V3 on the Ethereum blockchain.

Uniswap liquidity providers (LPs) have suffered a phishing attack lasting around eight hours. It was a fake token phishing attack in which 73,399 addresses received malicious ERC-20 tokens from where the hacker stole the funds and laundered them through Tornado Cash.

About Uniswap

Uniswap is a decentralized project with a listed token. Uniswap crypto exchange is primarily used for trading altcoins such as avalanche and Shiba Inu. It is among those few tokens with limited information for the founding members of the project team.

Uniswap LPs are basically users who receive interest from the exchange for depositing cryptocurrency into its system. The company has around 230,000 LPs.

What Happened?

On Monday, July 11th, unidentified scammers targeted Uniswap LPs and sent them fake Uniswap tokens to 74,800 out of the 230,000 LPs. They were directed to a dodgy website where they had to exchange the tokens for crypto, explained MetaMask security researcher Harry Denley.

However, clicking the link caused infection and loss of funds from the two wallets. Sending these fake tokens cost the attackers 8.5 ether or $9,024 in transaction fees and another 90.86 ether.

Denley further revealed that the attacker targeted native coins, including Binance Coin, Ethereum, and Uniswao LPs, and employed a two-step approach. They requested for address and browser client info to /66312712367123.com and tried to steal assets. Around $4.7 million worth of crypto was lost in the attack.

The scam may appear new, but it is connected to the exchange’s previous actions. In 2020, it sent an airdrop of 400 $UNI tokens, which currently are worth $2,224. The tokens were sent to every wallet involved in a trade on Uniswap. At different stages in 2021, crypto whales received airdrops worth five to six-figure amounts.

Binance Intervened to Stop the Attack

Binance CEO Changpeng Zhao (CZ) claimed in a Tweet that their intel unit identified an exploit on Uniswap V3 on the Ethereum blockchain. Zhao contacted Uniswap and informed the team that the exploit appeared as a phishing attack.

Binance Intel eventually was contacted to address the issue, and the attack was finally stopped on 11 July, around 23:00 UTC. The latest update is that the Uniswap protocol is completely safe. However, Uniswap’s price dropped, and the exchange experienced 10% losses in one night due to the attack.

Uniswap V3 LPs Suffer Losses Worth $4.7 Million in Fake Token Phishing Attack
CZ on Twitter having a conversation with Uniswap and alerting customers of the phishing scam

Uniswap Response

The crypto exchange posted the following statement on Twitter, revealing that there was no exploit and airdrops caused the losses.

“To be clear: there was no exploit. The Protocol always was — and remains — secure… airdrops that direct you to unofficial domains are likely phishing attempts. We will never airdrop users without notice on multiple official channels.”