Uniswap Airdrop Phishing Attack

    Loading...
    Loading...
    Loading...

    On July 11th, some of the Uniswap holders received an airdrop (token: 0xcf39b7793512f03f2893c16459fd72e65d2ed00c which was called UniswapLP), little they knew that it was a scam to steal their valuable tokens by asking them to swap this fake token to Uni on a fake website which has an identical look to Uniswap itself. By executing that the innocent victims who fell pray to this scam have given the access to their tokens to the evil by calling setApprovalAll(). Attacker knows that the users were not dumb so s/he used a trick to fool them. They have maliciously send the airdrop under Uniswap V3:Positions NFT name by Polluting the event data on the block explorer. Then once the users have given them the access to their token they simply grabbed whatever they could and used tornado cash as the exit route. That was how it happened now let’s look at what is the impact.

    Data: FlipsideCrypto

    Analyst: joker#2417

    twitter: @0x07k3r

    Loading...
    Loading...
    Loading...
    Loading...
    db_img
    • The fake airdrop seems to have sent on 11th of July around 2-4pm UTC time.
    • They have sent 376 transactions to 73.4K different users this malicious token (0xcf39b7793512f03f2893c16459fd72e65d2ed00c)

    In order to prove the ownership of an LP token, Uniswap mint a ERC 721 token (NFT) to the liquidity provider which users can used to claim their rewards and even trade.

    Now these attackers have stolen these NFTs as well from the wallets.

    • We can see that 11th of July around 8pm UTC, there were 29 LP tokens (NFTs) were stolen from 2 users (who of course looks like whales)
    • Also they continues this until 13th, July 4pm.
    • There’s 1 milady NFT was also among the stolen NFTs
    • The worth of these LP tokens (NFTs) are staggering 43.5K ETH…. :open_mouth:
    • But these NFTs are still with the attackers wallets!!

    The tokens that the attacker has stolen are

    0x24a4b33bfa8e32b3456f95381de429c11c2c6fd6 0x727a4BfE7FB2F70C218A2408709651706ec60A81 0xcf39b7793512f03f2893c16459fd72e65d2ed00c -- fake token 0x3CAFc86a98B77EeDcD3db0ee0aE562D7fe1897A2 0x09b5027ef3a3b7332ee90321e558bad9c4447afa

    Loading...