Uniswap Sophisticated Attack

As a result of a sophisticated phishing attack, UniSwap, one of the most popular decentralized cryptocurrency exchanges, lost a large amount of Ethereum worth close to $8 million.

Although no vulnerability was exploited in order to compromise the protocol, as initially expected, the cyberattack has still affected a number of investors in digital assets as a result.

In a cyberattack, the threat actors have lured victims with free UNI tokens (airdrops) in an attempt to trick them with fake lures. Users were instructed to connect their crypto wallets in order to claim 400 free UNI tokens worth approximately $2,000 via a fraudulent airdrop.

The Trap

An operator gets full approval rights when an attacker uses the masked “setApprovalForAll” function. In essence, this allows the attacker to convert all of the Uniswap LP tokens in the victim’s wallet into ETH by offering them to the attacker.

Ultimately, 7,574 ETH were siphoned by the threat actors. Once the loot had been gathered, Tornado Cash’s service was quickly used to mix the loot.

An attack has been carried out by a malicious entity masquerading as a token airdrop for 73,399 wallet addresses connected to Uniswap. 

There is a discrepancy between what was a legitimate project doing and what was a malicious smart contract was deployed on Etherscan since the malicious code had not been verified.

Uniswap tokens, worth $5.34 each, could then be exchanged for smart contract data on the website. This website is the portal on the internet that purports to be able to facilitate the swapping of new tokens for Uniswap tokens.

In order to trick the block explorer into thinking that Uniswap was the sender of the contract, the attackers tainted the articulate function of the contract with fraudulent data.

When users thought they would be receiving their reward for pressing the “Click here to claim” button, they actually granted the attackers access to the assets they had previously protected.

Recommendation

Oftentimes, crypto users who are not familiar with the crypto world fall victim to such scams due to the confusion they experience. In addition, they are unfamiliar with the applications that they are using since they are not familiar with them.

So, in that case, you have to take care of a few essential things to avoid such scams, and here all the recommendations are mentioned below:- 

  • The best advice is to always keep an eye on the platform’s official Twitter account and website.
  • In the case of airdrops or anything else that someone sends, always look closely at the official source.
  • Always take a look at the website of the platform before you choose a wallet or crypto trading or swapping platform.
  • Make sure that the URLs are always double-checked.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.