{"id":64269,"date":"2022-07-12T09:13:19","date_gmt":"2022-07-12T06:13:19","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=64269"},"modified":"2025-09-06T13:32:10","modified_gmt":"2025-09-06T10:32:10","slug":"hackers-attacked-uniswap-liquidity-providers-through-a-fake-airdrop","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-attacked-uniswap-liquidity-providers-through-a-fake-airdrop\/","title":{"rendered":"Hackers attacked Uniswap liquidity providers through a fake airdrop"},"content":{"rendered":"<p>Binance chief Changpeng Zhao said researchers at the exchange had detected a potential vulnerability in Uniswap v3. However, it later emerged that the incident involved a phishing attack against a user, not a vulnerability in the protocol.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify <a href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@Uniswap<\/a>? We can help. Thanks<a href=\"https:\/\/t.co\/OV3g7ayf77\">https:\/\/t.co\/OV3g7ayf77<\/a><\/p>\n<p>\u2014 CZ \ud83d\udd36 Binance (@cz_binance) <a href=\"https:\/\/twitter.com\/cz_binance\/status\/1546624143432433664?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In Zhao&#8217;s message, it stated that the attacker withdrew 4,295 ETH ($4.6 million at the time of writing) from the protocol and sent them to the Tornado Cash mixer.<\/p>\n<p>PeckShield said that there had been an attack on a liquidity provider (LP).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Here is the approve tx. So it is not an exploit on <a href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@Uniswap<\/a>. Instead someone with the UniswapV3 Liquidity Positions got phished to approve on their positions. <a href=\"https:\/\/twitter.com\/cz_binance?ref_src=twsrc%5Etfw\">@cz_binance<\/a> <a href=\"https:\/\/t.co\/atwbLoh7J5\">https:\/\/t.co\/atwbLoh7J5<\/a> <a href=\"https:\/\/t.co\/LwQQDZZHTs\">https:\/\/t.co\/LwQQDZZHTs<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1546631793398333440?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Security researcher Harry Denley was among the first to report the phishing campaign. He noted that the attackers sent malicious tokens masquerading as an Uniswap airdrop to over 70,000 addresses.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u26a0\ufe0f As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a <a href=\"https:\/\/twitter.com\/search?q=%24UNI&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$UNI<\/a> airdrop based on their LP\u2019s<\/p>\n<p>Activity started ~2H ago<br \/>0xcf39b7793512f03f2893c16459fd72e65d2ed00c<\/p>\n<p>cc: <a href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@Uniswap<\/a> <a href=\"https:\/\/twitter.com\/etherscan?ref_src=twsrc%5Etfw\">@etherscan<\/a> <a href=\"https:\/\/t.co\/5W51AikFuV\">pic.twitter.com\/5W51AikFuV<\/a><\/p>\n<p>\u2014 harry.eth \ud83e\udd8a\ud83d\udc99 (whg.eth) (@sniko_) <a href=\"https:\/\/twitter.com\/sniko_\/status\/1546535668247060481?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Victims enticed by the tokens are redirected to a fraudulent site. The hackers then steal the funds.<\/p>\n<p>The number of affected users and the total amount of damage remain unknown.<\/p>\n<p>Uniswap protocol founder Hayden Adams confirmed that this was a phishing campaign. He advised not to click on links that may be malicious.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions<\/p>\n<p>Totally separate from the protocol<\/p>\n<p>A good reminder to protect yourself from phishing and not click on malicious links <a href=\"https:\/\/t.co\/aj3Zh8UKqF\">https:\/\/t.co\/aj3Zh8UKqF<\/a><\/p>\n<p>\u2014 hayden.eth \ud83e\udd84 (@haydenzadams) <a href=\"https:\/\/twitter.com\/haydenzadams\/status\/1546634835615223809?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Changpeng Zhao said he had been in touch with the Uniswap team and confirmed that the protocol is safe.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Connected with the <a href=\"https:\/\/twitter.com\/Uniswap?ref_src=twsrc%5Etfw\">@uniswap<\/a> team. The protocol is safe. <\/p>\n<p>The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.<\/p>\n<p>Learn to protect yourself from phishing. Don\u2019t click on links. \ud83d\ude4f <a href=\"https:\/\/t.co\/FIXebz3iBC\">pic.twitter.com\/FIXebz3iBC<\/a><\/p>\n<p>\u2014 CZ \ud83d\udd36 Binance (@cz_binance) <a href=\"https:\/\/twitter.com\/cz_binance\/status\/1546631971626958848?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Some users noted that you should not post unverified claims on Twitter, \u201cespecially if you have millions of followers.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">If you think you found an exploit, submit a bug bounty or reach out to the core dev team directly <\/p>\n<p>Don\u2019t just tweet unverified claims, especially if you have millions of followers, it\u2019s quite irresponsible, even if they\u2019re your competition<\/p>\n<p>Context:<a href=\"https:\/\/t.co\/UYT1ISCf25\">https:\/\/t.co\/UYT1ISCf25<\/a><\/p>\n<p>\u2014 ChainLinkGod.eth (@ChainLinkGod) <a href=\"https:\/\/twitter.com\/ChainLinkGod\/status\/1546633078927265792?ref_src=twsrc%5Etfw\">July 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier in 2020, specialists <a href=\"https:\/\/u1f987.com\/en\/news\/fake-uniswap-app-steals-20000-from-a-user\">discovered a fake Uniswap<\/a> app that stole cryptocurrency from users.<\/p>\n<p>Read more about Uniswap in <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-uniswap-uni\">ForkLog cards<\/a>.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"\u0414\u0435\u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0431\u0438\u0440\u0436\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442. \u0427\u0442\u043e \u0442\u0430\u043a\u043e\u0435 Uniswap?\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/7-3w6uhK5NU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div>\n<\/figure>\n<p>Read ForkLog&#8217;s Bitcoin news on our <a href=\"\/\/telegram.me\/forklog\" target=\"\u201c_blank\u201d\" rel=\"\u201cnofollow\u201d noopener\">Telegram<\/a> \u2014 cryptocurrency news, rates and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Binance chief Changpeng Zhao said researchers at the exchange had detected a potential vulnerability in Uniswap v3. However, it later emerged that the incident involved a phishing attack against a user, not a vulnerability in the protocol.<\/p>\n","protected":false},"author":1,"featured_media":64270,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1391],"class_list":["post-64269","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-uniswap-uni"],"aioseo_notices":[],"amp_enabled":true,"views":"55","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=64269"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64269\/revisions"}],"predecessor-version":[{"id":64271,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64269\/revisions\/64271"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/64270"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=64269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=64269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=64269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}