The security of the Uniswap v3 protocol has been compromised. Attackers have made off with at least $4 million worth of Ethereum (ETH), and the total could be even greater than that.
Harry Denley, a security researcher at MetaMask, was one of the first to alert the public to the attack on July 11, informing his 13,000 Twitter followers that 73,399 addresses had received counterfeit ERC-20 tokens intended to steal their assets.
How the phishing attack works
According to Denley, the fake ERC-20 token, which appeared to be called UNI-V3, was able to trick users into sending ETH to a wallet controlled by the attackers. Once the funds were sent, they were quickly transferred to a different address in small increments, making them more difficult to trace.
Once the user accepts the fake token, their ETH is transferred to the attacker's wallet. So far, over 300 addresses have been identified as victims of the scam.
Denley was able to track the funds as they were being moved and estimates that the attackers made off with at least 3,926 ETH, worth approximately $4.7 million at current prices. However, he believes the actual amount stolen could be much higher, as many users may not yet have realized they had been phished.
Uniswap has since addressed the issue, telling users that the fake UNI-V3 token has been “blacklisted” and warning people not to send any ETH or other assets to the associated addresses.
As DeFi protocols continue to grow in popularity, they are becoming increasingly attractive targets for hackers and scammers. Earlier this week, the creator of Synthetix warned that the platform was under “active attack” from someone attempting to exploit a flaw in its code. Fortunately, no user funds were lost in that incident.
It is imperative that users take extra care to ensure they are sending their assets to the correct address when using any DeFi protocol. Remember to double-check all addresses before sending any funds, and if you are unsure, reach out to the project team directly for help.
It is important to be aware of these scams and to use only trusted sources when interacting with decentralized exchanges. Be sure to do your research, and never deposit funds into a protocol you are not 100% sure is legitimate.
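An added illustration of the advice above (not from the original article or from Uniswap): a token's name and symbol are strings its own contract declares, so a recipient-side check has to compare the contract address against one verified out of band. The allowlist, addresses, event fields and function names are all constructed for the example.

```python
import unicodedata

# Constructed allowlist: trusted symbol -> the single contract address the user
# has verified out of band. The address is a placeholder, not a real deployment.
TRUSTED = {"UNI": "0x" + "11" * 20}

def normalize(symbol):
    """Fold case, Unicode compatibility forms and punctuation ('uni-v3' -> 'UNIV3')."""
    folded = unicodedata.normalize("NFKC", symbol).upper()
    return "".join(ch for ch in folded if ch.isalnum())

def imitated_symbol(symbol):
    """Return the trusted symbol this self-declared symbol starts with, else None.
    Prefix matching is a heuristic and can over-flag (a warning, not a verdict)."""
    norm = normalize(symbol)
    return next((t for t in TRUSTED if norm.startswith(t)), None)

def review_transfer(event, wallet, known_contracts):
    """Classify one incoming ERC-20 Transfer event from the recipient's side."""
    if event["to"].lower() != wallet.lower():
        return "ignore"
    contract = event["contract"].lower()
    trusted = imitated_symbol(event["symbol"])
    if trusted and contract == TRUSTED[trusted]:
        return "trusted"
    if trusted:
        # Familiar-looking name, unverified contract: the counterfeit-token pattern.
        return "flag: imitates " + trusted
    if contract not in known_contracts:
        return "flag: unsolicited"
    return "known"

# Constructed sample events; every address here is a placeholder.
WALLET = "0x" + "aa" * 20
KNOWN = {"0x" + "33" * 20}  # contracts the user chose to interact with (hypothetical)
EVENTS = [
    {"contract": "0x" + "11" * 20, "symbol": "UNI", "to": WALLET},
    {"contract": "0x" + "22" * 20, "symbol": "UNI-V3", "to": WALLET},
    {"contract": "0x" + "22" * 20, "symbol": "\uff35\uff2e\uff29-v3", "to": WALLET},  # full-width letters
    {"contract": "0x" + "44" * 20, "symbol": "FREE", "to": WALLET},
    {"contract": "0x" + "33" * 20, "symbol": "XYZ", "to": WALLET},
]

def review_all():
    return [review_transfer(e, WALLET, KNOWN) for e in EVENTS]

if __name__ == "__main__":
    for e, verdict in zip(EVENTS, review_all()):
        print(e["contract"][:10], verdict)
```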
Author: Felix NG