Published in


Uniswap V3 — — New Phishing Scam?

Binance CEO founder claimed that their threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash, address

In the hours later, multiple Twitter users posted that there was nothing unusual about the transactions that transferred funds in the hack and said that it was a phishing attack, meaning that the breach was not a risk to Uniswap itself.

after the CZ tweed mentioned that it connected with the uniswap team. The protocol is safe. The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm. Learn to protect yourself from phishing. Don’t click on links.

· Attacker Address



· Attacker contract( (


· Victim address




· Uniswap V3: Positions NFT


0x03 Attack Analysis

1.The attacker deploys the attack contract ($ ( in advance, pay attention to the name here, some of the key information in it contains the UniswapLP and URLs, which on closer inspection is not the official Uniswap URL after looked through carefully it you will find the official website is very similar.

2.The Uniswap V3: Positions NFT (UNI-V3-POS) contract call via the attack contract to send funds named ($ ( to the victim’s address.

This step is also the key to the phishing attack, by sending Token funds named ($ (, it will give the recipient of the funds the illusion that Uniswap V3 has sent to the recipient’s address, at which point the attacker may visit the website and proceed to the next step.

New to trading? Try crypto trading bots or copy trading

3. The victim clicks on the URL and authorizes his funds to the attacker’s pre-written address. See below the specific actions of one of the victims. The victim performs multiple setApprovalForAll authorizations.

View details of any transaction

It can be clearly seen that the victim calls the setApprovalForAll method of the Uniswap V3: Positions NFT contract to authorize his NFT assets to the attacker’s address.

4. After successful authorization, the attacker uses the authorized account to transfer the victim’s NFT assets out.

5.The attacker converts NFT assets to ETH via the Uniswap V3: Positions NFT contract.

The attackers eventually transferred the 7,500 ETH acquired to the Tornado.Cash mash platform.

The above event reveals that the attackers mainly use a mixture of social engineering and social phishing to lure users to click on phishing websites and authorize their NFTs. However, unlike most previous phishing events, the initial phase of this phishing attack unfolded in the blockchain browser, confusing users by faking contract names and coin offerings, and eventually luring users to authorize their NFT assets.

Security advice

  1. When visiting an unspecified website, it is important to check carefully that it is the intended official website.
  2. If you think you’ve been impacted by one of these scams, make sure to revoke access to all of your NFTs through or transfer them out ASAP to a hardware wallet.

Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing

Also, Read



Coinmonks ( is a non-profit Crypto Educational Publication. Follow us on Twitter @coinmonks and Our other project —, Email  —

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.