Meta Digest

Hacker Uses Smart Contract to Phish Nearly $8 Million Worth of Ethereum

Users fall for phishing scam using smart contract to siphon their Ethereum

Ethereum witnessed another phishing scam on Monday when a fake airdrop robbed Uniswap users of nearly $8 million in funds.

Users fell in love with a phishing scam that promised a free airdrop of 400 UNI tokens worth $2,200. To claim the deceptive airdrop, they are drive to link their cryptocurrency wallets and sign the transaction. Once the connection had been did make. A rogue smart contract was use by an unfamiliar hacker to take the victims’ money.

Ethereum phishing

Etherscan reports that over 74,000 wallets have come into contact with the smart contract phishing scam. Which the hackers implemented on July 11. While most legitimate projects verified the code for smart contracts on Etherscan, the code was not there.

Following the deployment of the code, the hacker deceived users into signing a transaction to claim their airdrop tokens, granting them access to all of the Uniswap Liquidity Pool tokens the user had in their possession.

Users typically receive LP tokens when they add liquidity to Uniswap as a representation of their liquidity positions. Tokens may also be convert to the ERC-721 fiat standard.

The approval transaction allows the hacker wallet to issue funds on behalf of the user. After gaining access to the approval transaction, the hacker transferred all the LP tokens to his wallet and drained the cash from Uniswap.

As a result, according to analytical information from Etherscan, the hacker wallet gained nearly 7,573.94 Ethereum through Ethereum phishing.

How the crypto community reacted

According to Hayden Adams, the inventor of Uniswap, “This was a phishing effort that resulted in some LP NFTs being stolen from individuals who approve fraudulent transactions.” “Totally separate from the protocol.”

Harry Denly, a Metamask engineer, tweeted that as of block 151,223,32, 73,399 addresses had got malicious tokens meant to attack their assets under the false pretence of a $UNI airdrop depending on their LPs.

Changpeng Zhao, CEO of Binance, speaon the situation and at first found that the DEX system was being lost. However, the Uniswap team clarified the situation, and Zhao confirmed that it was a phishing scam and that the protocol was safe.

“This seems like an incredibly irresponsible thing to tweet,” one user responded to Zhao’s allegation. “It was a phishing campaign, not an exploit of Uniswap V3 code.”

“Let’s agree to disagree,” tweeted another user. “I personally think when you have an audience of [6 million] people you should not go around spreading panic without verifying your story first.”

While the matter has been clarified, the price of UNI has dropped more than 10% in the past 24 hours.

Opinions expressed by Meta Digest contributors are their own.