Uniswap users fall victim to a USD 8 million NFT phishing attack, while Binance issues a false alarm

By    13 Jul,2022

Users of Uniswap (UNI), the largest decentralized exchange (DEX) functioning on the Ethereum (ETH) blockchain, have reportedly lost over USD 8.1 million in assets as a result of a sophisticated phishing operation. Meanwhile, Binance CEO Changpeng Zhao (CZ) incorrectly claimed that the event was caused by the protocol itself.


According to Metamask security analyst Harry Denley, the phishing effort sought to steal victims’ assets under the guise of a UNI airdrop. He said that a fraudulent token was delivered to at least 73,399 addresses in order to attack their assets.

The phishing campaign is claimed to have been carried out on a big Uniswap V3 liquidity pool by the hacker (LP). They appear to have issued a malicious token to addresses posing as a UNI airdrop in an attempt to convince users to sign the transaction.

“First, the malicious contract pollutes the event data such that block explorers index the “From” as the real “Uniswap V3: Positions NFT” contract,” Denley explained, adding that if a user notices that “Uniswap V3: Positions NFT” sent them a token, they will be inquisitive and will inspect the token.

The token name takes users to a domain that mimics the authentic Uniswap branding. The website then performs a code that attempts to steal the assets of the users.