Uniswap, the largest decentralized exchange (DEX), has fallen victim to a highly sophisticated phishing attack. While many people at first thought that Uniswap had been exploited, several users, including the Binance Threat Intel Team, discovered a phishing campaign in which a website impersonated Uniswap and led people to sign malicious transactions. The attack attempted to steal assets “under the false impression of a UNI airdrop based on their Liquidity Pool (LP)”, according to MetaMask security analyst Harry.eth. He claimed that “there have been 73,399 addresses that have been sent a malicious token” and as a result, Uniswap users have reportedly lost more than $8 million in assets.
Binance CEO CZ initially raised a false alarm about the incident, stating that Uniswap’s protocol had been exploited. In a Tweet, he said “our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain”. However, after connecting with the Uniswap team and having the situation explained, he confirmed that the “protocol is safe”.
As always, several people felt obliged to publicly voice their opinion on the matter. CZ was slammed by Crypto Twitter for Tweeting about the issue without first finding out whether his statement was factual or not, especially with an audience of 6.6 million followers. As we all know, panic and FUD can spread like wildfire through Twitter, so the point is somewhat valid.
So what can we learn from this? The key takeaway is to understand how to protect yourself from phishing. Simply don’t click on suspicious links, and double-check contracts to see whether they look malicious. It’s easier said than done, but it’s worth double-checking absolutely everything in the Web3 space. Stay safe out there!