In order to deceive investors, hackers are becoming more sophisticated and employing a variety of strategies. Malicious airdrops are a technique that is growing in popularity.
Initially, it was thought that Uniswap’s protocols had been compromised. It was later determined that a phishing attack drained Uniswap’s liquidity providers of approximately $8 million.
Uniswap is a popular decentralized exchange (DEX) for Ethereum, including ETH mainnet tokens.
Harry Denley described on his Twitter account how the phishing attack was conducted.
In the first stage, the malicious actor targets the block explorer’s index to make the ‘From’ address appear legitimate: “Uniswap V3: Positions NFT.” This is referred to as an event pollution attack.
The bad actor sends tokens to multiple addresses. Investors who received tokens from “Uniswap” are curious as to why they were sent tokens. When checking the token’s name, investors are directed to the uniswaplp.com website (do not visit).
The “lp” that follows “uniswap” in the URL is an abbreviation for liquidity provider.
The following message is displayed upon visiting the website:
‘Rewards for liquidity providers’ At 14:00 UTC on 11 July 2022, Uniswap distributed UniswapLP tokens to existing UNI-V3 liquidity providers based on the provided liquidity.
If you have UniswapLP tokens, you can claim UNI tokens from this page by clicking the button below.
As investors have already received tokens from ‘Uniswap’ and only 10,000 UNI will be airdropped, investors risk losing a portion of the 10,000 UNI if they do not claim them immediately.
Fear of missing out (FOMO) was used extensively to lure investors into the trap. Upon clicking the document, ethall is contacted ().
The browser information and wallet address of the user are sent to /66312712312123.com.
It may then request that the tokens be sent to the user’s ETH address. By doing so, the bad actor gains complete access to the victim’s address and empties it.
The bad actor sent ‘uniswap’ tokens to over 70,000 addresses, incurring significant gas fees (over 8 ETH). Among the targeted addresses were those of significant ETH holders.
The overwhelming majority of crypto investors are aware of these frauds. However, many people are caught off guard if they are not attentive to the information in front of them.
The bad actor has begun laundering the stolen ETH through Tornado Cash by sending 100 ETH per transaction to the mixer.
How to Defend Against Attacks of the Same Type?
There are a number of measures that can be taken to reduce the likelihood of falling victim to a phishing attack in the crypto space. Airdrops must be verified through the social media channels of the project, which could include Twitter, Telegram, Discord, etc.
In the event that the social media accounts for a project are compromised, as has occurred in the past, paying close attention to the permissions granted when interacting with the contract, including the web address, may be helpful.
Forta, a relatively modern method that provides real-time security, is yet another option. The threat detection kit from Forta can be used to detect threats in NFTs, stablecoins, bridges, and more.
ClearSign is a feature of the ZenGo wallet that verifies interactions with contracts. As attacks become more sophisticated, it is essential to investigate the authenticity of everything you receive, including emails.
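The two signals described in the attack above, the spoofed ‘From’ address (event pollution) and the web address carried in the token’s name, can be checked before a received token is trusted. The following Python code is an added example, not code from Forta, ZenGo or Uniswap; the label table, the placeholder addresses, the event fields and the availability of a call trace are all constructed assumptions.

```python
import re

# Constructed name-tag table (address -> explorer label); placeholder address.
POSITIONS_NFT = "0x" + "11" * 20
LABELS = {POSITIONS_NFT: "Uniswap V3: Positions NFT"}
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)

def triage_transfer(ev):
    """Return reasons a received Transfer event looks like a malicious airdrop."""
    reasons = []
    # The token contract writes the Transfer log and may put any address in
    # `from`. A genuine sender takes part in the transaction, either as its
    # signer or as a contract in the call trace (heuristic, assumed available).
    participants = {ev["tx_sender"], *ev["trace"]}
    label = LABELS.get(ev["log_from"])
    if label and ev["log_from"] not in participants:
        reasons.append("spoofed-from:" + label)
    # A web address inside the token name is the lure that leads to the site.
    match = DOMAIN_RE.search(ev["token_name"])
    if match:
        reasons.append("url-in-name:" + match.group(0).lower())
    return reasons

def scan(events):
    """Map transaction id -> reasons, for flagged events only."""
    flagged = {}
    for ev in events:
        reasons = triage_transfer(ev)
        if reasons:
            flagged[ev["tx"]] = reasons
    return flagged

# Constructed sample events (not real chain data).
ATTACKER, USER, FAKE_TOKEN, REAL_TOKEN = ("0x" + c * 20 for c in ("aa", "bb", "cc", "dd"))
SAMPLE_EVENTS = [
    # Airdrop: log claims the labelled contract sent it, but that contract never ran.
    {"tx": "tx1", "token_name": "UniswapLP.com", "log_from": POSITIONS_NFT,
     "log_to": USER, "tx_sender": ATTACKER, "trace": [FAKE_TOKEN]},
    # Genuine transfer: the labelled contract appears in the call trace.
    {"tx": "tx2", "token_name": "Uniswap", "log_from": POSITIONS_NFT,
     "log_to": USER, "tx_sender": USER, "trace": [POSITIONS_NFT, REAL_TOKEN]},
    # Ordinary sender, but the name still carries a link.
    {"tx": "tx3", "token_name": "Claim at rewards.example", "log_from": ATTACKER,
     "log_to": USER, "tx_sender": ATTACKER, "trace": [FAKE_TOKEN]},
]

if __name__ == "__main__":
    for tx, reasons in scan(SAMPLE_EVENTS).items():
        print(tx, reasons)
```

The participant check is a heuristic: a delegated transfer can legitimately move tokens for an owner who is absent from the trace, so a hit is a reason to inspect the token, not proof of fraud.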