Phishing attack steals $8M in Crypto from Uniswap LP
A phishing scam offering a fraudulent airdrop managed to steal nearly $8 million from Uniswap users on Monday.

Hackers stole over $8 million worth of crypto after airdropping Uniswap V3 Liquidity Pool users.
A phishing scam offering a fraudulent airdrop managed to steal nearly $8 million worth of tokens from Uniswap users on Monday.
The phishing scammer targeted the liquidity providers of Uniswap pool V3, where NFT’s represent LP holders’ positions in the pool . A total of 74,693 liquidity providers are in this pool, all of whom own one or more NFT(s) representing their stake.
This NFT represents a liquidity position in a Uniswap V3 WETH-WBTC pool. The owner of this NFT can modify or redeem the position – LOOKSRARE
Each of these individuals were sent 400 malicious ‘airdrop’ tokens as part of the scheme. It is believed that the malicious contract polluted the event data in such a way that block explorers index the “From” field as the legitimate “Uniswap V3: Positions NFT” contract.
Approval Transaction
Within the malicious token airdrop, there was a link to a website where victims could seemingly trade the new tokens for other cryptocurrencies. In order to claim the malicious airdrop, users had to connect their crypto wallets and sign the transaction.
In reality, this transaction served as an approval transaction, which allowed the hacker to access all Uniswap LP (Liquidity Pool) NFT tokens.
At this point, with the use of a malicious smart contract, the hacker transferred all the LP NFT tokens to his wallet and then withdrew all the liquidity from Uniswap.
One of the LP NFT’s (worth up to 100 ETH) being transfered to the scammer’s wallet – etherscan.io
$8Million worth of WBTC & ETH (7,574 ETH’s worth in total) was stolen from the pool. The attacker funded their wallet with 100ETH from Tornado Cash (cryptocurrency anonymising service) hours before the attack and in total, the scammer spent $9,300 (8.8 Eth) on gas fees sending out the ‘airdrop’. Most of the funds were also
Twitter Reacts
1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was — and remains — secure. Here’s what happened.👇
— Uniswap Labs 🦄 (@Uniswap) July 12, 2022
Changpeng Zhao, CEO of Binance, also tweeted about the issue, initially alleging that the DEX protocol had been exploited.
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don’t click on links. 🙠pic.twitter.com/FIXebz3iBC
— CZ 🔶 Binance (@cz_binance) July 11, 2022
After clarification from the Uniswap team, he confirmed that it was indeed a phishing scam and not a protocol exploit.
From the YFarmX archive · originally published on the previous site


