Security News > 2022 > July > $8 million stolen in large-scale Uniswap airdrop phishing attack
Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack yesterday.
1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today.
The phishing actors created an ERC20 token and airdropped it to 73,399 users who held UNI tokens, spending 8.5 ETH in TX fees for the high volume of the transactions.
The goal was to re-direct the recipients to a scam website on the domain "Uniswaplp[.]com," which impersonates the official Uniswap domain "Uniswap.org."
In short, the attackers polluted the emit function of the contract with false data tricking the block explorer into displaying Uniswap as the sender, researchers at Check Point explain.
Software cryptocurrency wallet MetaMask has added to its warning list the domain used in the Uniswap phishing, thus preventing new users from getting scammed.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)