Phishing Villain Targets Uniswap Users with Airdrop Grift
Binance Chief CZ Triggers Panic with Tweet on 'Potential Exploit'
By: yyctraderDeFi News
“Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain…” tweeted Binance founder Changpeng Zhao (CZ) on Monday evening.
The news spread like wildfire across Twitter and Discord. For a few tense minutes, observers questioned what an exploit of one of DeFi’s backbones could mean for this tender market.
A few minutes later, security researcher samczsun clarified that there had been no smart contract exploit on Uniswap V3, but rather a phishing attack.
Uniswap founder Hayden Adams confirmed that liquidity providers on the decentralized exchange had been targeted in a sophisticated phishing scam. Crisis averted, and yet the attempt, which involved a bogus airdrop, was worrisome.
How It Happened
The scam was flagged earlier on Monday by Metamask security researcher harry.eth, who noted that a malicious token had been sent to 73,399 Ethereum addresses in order to “target their assets”.
Users were promised an airdrop of 400 UNI tokens based on their liquidity positions on Uniswap V3.
Fake Airdrop Website. Image from harry.eth
The bogus website cranked up the urgency by stating that only 10,000 UNI tokens were available to be claimed on a first-come, first-served basis.
Upon attempting to claim the ‘airdrop’, users were asked to sign an approval transaction that granted the attacker access to their Uniswap LP NFTs. Concentrated liquidity positions on Uniswap V3 are tokenized as NFTs using the ERC-721 standard. This means that anyone holding the NFT can withdraw assets from the underlying LP position.
Once the malicious transaction was signed, the attacker was able to transfer the NFTs to their own wallet and withdraw all the assets, which were then swapped for ETH.
Data from Etherscan shows that the attacker has sent 7,500 ETH ($8M) to privacy mixer Tornado Cash.
Many in the crypto community took aim at CZ for spreading panic without confirming the facts with the Uniswap team.
“This seems like an incredibly irresponsible thing to tweet, it was a phishing campaign, not an exploit of Uniswap v3 code,” tweeted ChainLinkGod.
The Binance chief released a thread earlier this morning, acknowledging that while he could have waited for confirmation from Uniswap, the choice was made to go public with the information as “speed is of the essence when dealing with security issues, when (3 million users’) funds are at stake.”
Uniswap’s UNI token dropped over 10% in the wake of the news but has since rebounded.