On Monday, an anonymous hacker recovered from a wallet believed to be a liquidity provider on the Uniswap decentralized exchange (DEX). Ethereum reported theft.
Hacker Stole Nearly $8M In Ethereum From A Liquidity Provider
Smart contracts security firm PeckShield said in a statement that the liquidity provider accidentally fell victim to a phishing tactic, which allowed the hacker to steal more than 7,500 Ethereum ($8 million).
Prior to the incident, the hacker targeted the victim using a fake Uniswap airdrop token as a phishing bait. When the victim accepted the token, he accidentally interacted with a malicious smart contract that gave the hacker full control over his own wallet.
During the attack, the wallet was compromised on Uniswap V3. WBTC/USDC provided $8 million in liquidity to the liquidity pool. In other words, it was not UniSwap that was hacked, it was just a wallet that provided a large amount of liquidity to the UniSwap platform.
After gaining unauthorized access to the wallet, the hacker closed the user’s liquidity position, swapped and exported their assets. In doing so, the hacker laundered funds through Tornado Cash, a transaction mixer on the Ethereum network.
Binance CEO CZ Made a Statement on the Subject
The first to notice cryptocurrency exchange Binance CEO Changpeng Zhao. In his Twitter post, CZ initially claimed there was a potential vulnerability in the UniSwap protocol itself, but later issued an update stating that this was not the case and that it was simply a phishing attack.
Connected with the @unisswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. all good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. 🙏 pic.twitter.com/FIXebz3iBC
— CZ 🔶 Binance (@cz_binance) July 11, 2022
Hayden Adams, founder of Uniswap, also agreed, saying that the phishing attack was “completely separate from the UniSwap protocol”.
*Not investment advice.