On the 12th of July 2022, several users on Uniswap reported losing their ETH in a phishing attack. In total, Uniswap lost over $8 million worth of ETH. While this attack has nothing to do with the security of the protocol itself, it is a case where users need to be extra vigilant.
Let’s start by understanding what phishing attacks are, how they work, and the possible ways you can avoid becoming a victim.
What is Phishing?
Phishing is a term used to describe an attack where hackers pose as a legitimate business in order to steal sensitive information from its users. Email, text messages and telephone calls are some of the most common attack vectors.
Phishing attacks trace back as far as 2004, when a teen from California created a copy of the website called “America Online” to steal user funds. One way to identify a phishing attack is by looking at its nature.
Phishing attacks often present users with “too good to be true” offers. However, with the airdrop-style phishing attacks seen in DeFi, this has become especially hard to identify. One way to protect yourself.
The importance of regular security audits for businesses cannot be overstated, as they can help identify vulnerabilities and prevent phishing attacks.
So What Went Wrong?
The exploit that resulted in the illicit acquisition of approximately $8.1 million worth of NFT positions from Uniswap’s V3 liquidity pool occurred on Tuesday, 12 July 2022.
The attackers used a phishing technique, luring users with airdrop bait and tricking them into providing their recovery phrases and password.
By making the pool provider sign the transactions, the hackers were able to steal the funds. This incident highlights the importance of educating users on how to identify and avoid phishing attacks.
Moreover, it emphasizes the need for strong security measures and constant monitoring to prevent unauthorized access and protect against theft of valuable assets.
The recent exploit of the underlying smart contract for Uniswap’s Airdrop UNI tokens serves as a cautionary tale for users on how phishing scams can trick them into losing valuable assets. The smart contract directed users to a Uniswap look-alike website with a message urging them to claim their Airdrop UNI tokens based on the number of tokens received. This triggered the underlying smart contract to transfer assets, granting the exploiters full control of the user’s wallet.
It underscores the need for users to exercise caution while navigating online platforms and verifying the authenticity of websites to avoid falling prey to phishing scams.
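The website check recommended above can be automated. This is an added example, not code from Uniswap or from the original article: it compares a link's hostname with an allowlist and flags near-matches. The allowlist entry `uniswap.org`, the function names and all sample links are assumptions constructed for illustration.

```javascript
// Added example. OFFICIAL and BRAND are assumptions: keep your own verified list.
const OFFICIAL = ["uniswap.org"];
const BRAND = "uniswap";

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// For a punycode label (xn--...), keep only its ASCII letters so that a
// homograph (e.g. a Cyrillic letter standing in for "a") still compares closely.
function asciiSkeleton(label) {
  if (!label.startsWith("xn--")) return label;
  const body = label.slice(4);
  const cut = body.lastIndexOf("-");
  return cut < 0 ? "" : body.slice(0, cut);
}

// Returns "official", "lookalike", "unknown" or "invalid" for a link.
function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return "invalid"; }
  if (url.protocol !== "https:") return "invalid"; // only HTTPS links are considered
  const host = url.hostname.replace(/\.$/, ""); // URL() lowercases and punycodes the host
  // Match whole labels: "notuniswap.org" must not pass as "uniswap.org".
  if (OFFICIAL.some((d) => host === d || host.endsWith("." + d))) return "official";
  const suspicious = host.split(".").map(asciiSkeleton).some(
    (label) => label.includes(BRAND) || editDistance(label, BRAND) <= 2
  );
  return suspicious ? "lookalike" : "unknown";
}

// Constructed sample links (reserved .example names), not taken from the incident.
for (const l of ["https://app.uniswap.org/", "https://uniswap-airdrop.example/claim",
                 "https://un1swap.example/", "https://docs.example/"]) {
  console.log(classifyLink(l), l);
}
```

A result of "unknown" only means the host does not resemble the brand; it does not mean the site is safe.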