Hackers stole more than $ 4.7 million using fake UNI cryptocurrency

According to Metamask security researcher Harry Danley, the hackers managed to steal more than $ 4.7 million in ethereum — the attackers sent malicious tokens under the guise of an airdrop from Uniswap to more than 70,000 addresses.

Interestingly, at first, Binance CEO Changpeng Zhao believed that the problem was a potential vulnerability in the third version of Uniswap (v3), but later it turned out that a phishing attack had taken place. Users interested in the fake airdrop from Uniswap followed a malicious link to a website where the attackers stole all the information they needed to receive funds.

Hayden Adams, the developer of the Uniswap protocol, confirmed that a phishing attack had occurred and advised users not to click on suspicious links.

This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions

Totally separate from the protocol

A good reminder to protect yourself from phishing and not click on malicious links https://t.co/aj3Zh8UKqF

— hayden. eth 🦄 (@haydenzadams) July 11, 2022

It is interesting that not only ordinary users but also experienced developers suffer from the attackers' hands. Recently, it became known that hackers were able to steal $ 625 million from one of the largest games of the Play2Earn genre — Axie Infinity, thanks to spyware downloaded by one of the developers. The developer went through several stages of online interviews (he was offered a fake job on LinkedIn) and then received a PDF document containing software that allowed hackers to take control of 4 out of 9 validators.