Uniswap V3 — — New Phishing Scam?
Binance CEO founder claimed that their threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash, address
In the hours later, multiple Twitter users posted that there was nothing unusual about the transactions that transferred funds in the hack and said that it was a phishing attack, meaning that the breach was not a risk to Uniswap itself.
after the CZ tweed mentioned that it connected with the uniswap team. The protocol is safe. The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm. Learn to protect yourself from phishing. Don’t click on links.
0x02 More details
· Attacker Address
· Attacker contract（UniswapLP.com (UniswapLP.com)）
· Victim address
· Uniswap V3: Positions NFT
0x03 Attack Analysis
1.The attacker deploys the attack contract ($ UniswapLP.com (UniswapLP.com)) in advance, pay attention to the name here, some of the key information in it contains the UniswapLP and UniswapLP.com URLs, which on closer inspection is not the official Uniswap URL after looked through carefully it you will find the official website is very similar.
2.The Uniswap V3: Positions NFT (UNI-V3-POS) contract call via the attack contract to send funds named ($ UniswapLP.com (UniswapLP.com)) to the victim’s address.
This step is also the key to the phishing attack, by sending Token funds named ($ UniswapLP.com (UniswapLP.com)), it will give the recipient of the funds the illusion that Uniswap V3 has sent UniswapLP.com to the recipient’s address, at which point the attacker may visit the UniswapLP.com website and proceed to the next step.
3. The victim clicks on the URL and authorizes his funds to the attacker’s pre-written address. See below the specific actions of one of the victims. The victim performs multiple setApprovalForAll authorizations.
View details of any transaction
It can be clearly seen that the victim calls the setApprovalForAll method of the Uniswap V3: Positions NFT contract to authorize his NFT assets to the attacker’s address.
4. After successful authorization, the attacker uses the authorized account to transfer the victim’s NFT assets out.
5.The attacker converts NFT assets to ETH via the Uniswap V3: Positions NFT contract.
The attackers eventually transferred the 7,500 ETH acquired to the Tornado.Cash mash platform.
The above event reveals that the attackers mainly use a mixture of social engineering and social phishing to lure users to click on phishing websites and authorize their NFTs. However, unlike most previous phishing events, the initial phase of this phishing attack unfolded in the blockchain browser, confusing users by faking contract names and coin offerings, and eventually luring users to authorize their NFT assets.
- When visiting an unspecified website, it is important to check carefully that it is the intended official website.
- If you think you’ve been impacted by one of these scams, make sure to revoke access to all of your NFTs through https://revoke.cash or transfer them out ASAP to a hardware wallet.