The attacker tempted users with a fake Uniswap airdrop message
Uniswap, a popular decentralized cryptocurrency exchange, lost around $8 million worth of Ethereum in a sophisticated phishing attack.
The threat actors used the lure of free UNI tokens (airdrops) to trick victims into approving transactions that gave hackers full access to wallets.
The trap was a masked “setApprovalForAll” function that assigns or revokes full approval rights to the operator, allowing the attacker to redeem all Uniswap v3 LP tokens for ETH in the victim wallet.
In total, the threat actors siphoned 7,574 ETH to a wallet address under their control and quickly moved 7,500 to the Tornado Cash service for laundering.
The cyberattack has impacted many investors in digital assets. The phishing actors created an ERC20 token and airdropped it to 73,399 users who held UNI tokens, spending 8.5 ETH in TX fees on the high volume of transactions.
The goal was to redirect the recipients to a scam website on the domain “uniswaplp[.]com,” which impersonates the official Uniswap domain “uniswap.org.”
The operator appeared as “Uniswap V3: Positions NFT” to the victims, thus tricking them into allowing the approval rights.
The users who pressed the “Click here to claim” button essentially granted the attackers full access to their assets.
Software cryptocurrency wallet MetaMask has added the domain used in the Uniswap phishing to its warning list, thus preventing new users from getting scammed.
When you receive an airdrop, make sure to validate everything before clicking any buttons, starting with the domain name of the website you have entered. It is also best to verify the source of an airdrop to avoid falling victim to scammers seeking to take control of transactions with a single click.
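As an added illustration of the two checks described above (recognizing a “setApprovalForAll” grant and validating the requesting domain), the sketch below inspects a pending transaction before it is signed. It is not code from the article, Uniswap or MetaMask; the trusted-host rule, the verdict names and the sample operator address are assumptions constructed for this example.

```javascript
// Added example: pre-signing check for ERC-721 "approve everything" requests.
// 4-byte selector of setApprovalForAll(address,bool).
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Decode calldata; returns null when the call is not setApprovalForAll.
function decodeSetApprovalForAll(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) plus two 32-byte ABI words (64 hex chars each).
  if (hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) return null;
  if (!hex.startsWith(SET_APPROVAL_FOR_ALL)) return null;
  return {
    operator: "0x" + hex.slice(32, 72),                  // low 20 bytes of word 1
    approved: BigInt("0x" + hex.slice(72, 136)) !== 0n,  // any non-zero counts as a grant
  };
}

// Assumption: only uniswap.org and its subdomains are trusted for this action.
function isTrustedHost(origin) {
  let host;
  try { host = new URL(origin).hostname.toLowerCase(); } catch { return false; }
  return host === "uniswap.org" || host.endsWith(".uniswap.org");
}

// Verdicts (hypothetical names): "pass", "confirm" (show a full-access warning), "block".
function reviewRequest(origin, tx) {
  const call = decodeSetApprovalForAll(tx.data || "");
  if (!call) return { verdict: "pass", reason: "not a setApprovalForAll call" };
  if (!call.approved) return { verdict: "pass", reason: "revokes operator " + call.operator };
  if (!isTrustedHost(origin)) {
    return { verdict: "block", reason: "untrusted site asks full control for " + call.operator };
  }
  return { verdict: "confirm", reason: "grants full control to " + call.operator };
}

// Constructed sample input: placeholder operator address and hand-built calldata.
const OPERATOR = "11".repeat(20);
const word = (h) => h.padStart(64, "0");
const grant = "0x" + SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("1");
const revoke = "0x" + SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("0");
const LURE = "https://" + "uniswaplp[.]com".replace("[.]", "."); // domain named in the article

for (const [origin, data] of [[LURE + "/claim", grant],
                              ["https://app.uniswap.org", grant],
                              ["https://app.uniswap.org", revoke]]) {
  const r = reviewRequest(origin, { data });
  console.log(origin, "->", r.verdict, "(" + r.reason + ")");
}
```

The host check compares the full hostname, so a name that merely contains the trusted string does not pass.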