More than 73,000 Uniswap Liquidity Providers (LP), the users who provide the tokens used for trading on the Uniswap protocol, have just learned a hard lesson about a classic scam. Crypto is known as a hunting ground for scammers and hackers, and one of the most effective strategies is phishing attacks. Since cryptocurrencies and NFTs are protected by the impenetrable security of blockchain technology, the easiest way to steal blockchain assets is through deception.
In Web 2.0, a phishing attack is a form of hacking that usually involves a fake email with an attachment containing a virus that attacks the recipient’s device or, worse, stays silent in the background and protects their personal collect data. In Web 3.0, a phishing attack is often a fake front-end website cloned from a real crypto project designed to trick the user into signing a malicious smart contract that transfers their crypto assets to the attacker’s wallet, and may take the form of an email (if known) or via a malicious token. Victims are lured by the promise of an “airdrop” – free distribution of tokens usually issued as a reward to early adopters, and the malicious code is executed when they claim the airdrop. Unlike crypto pump-and-dump scams, a phishing attack uses a smart contract to steal a victim’s assets directly from their wallet.
According to CoinDesk, the Uniswap attacker transferred fake Uniswap LP tokens to users’ wallets to trick them into thinking they had received an airdrop from Uniswap, and after investigating, they were led to a fake website that was a Uniswap clone. The website asked them to plug in their wallets and sign a transaction to exchange their LP tokens for UNI tokens, completing the airdrop. Instead, he ran malicious code and stole all of their genuine Uniswap LP tokens. One user, who provided WBTC and USDC, lost more than $8 million in the attack.
Do not touch randomly dropped tokens
Running a cryptocurrency scam is not difficult. It is relatively easy to design and implement a malicious smart contract, clone an open source frontend and then send the infected tokens to all potential victims. These victims will investigate the origin of the tokens as the tokens appear on Etherscan and have a dollar value, and by following the URL of the tokens website they will be presented with a page asking them to link their wallets and sign a transaction to claim them. their parachute jump. It is necessary to do a cursory research before signing a deal promising free crypto, especially for big projects like Uniswap, and treating any free crypto as a potential scam.
If a respected protocol like Uniswap is going to airdrop, it will make an announcement on its blog and on official social media. Legitimate crypto projects also very rarely perform airdrops by “pushing” tokens to their recipients, as this is expensive and dangerous. Instead, it is common to use a “pull” delivery method, where recipients go to the official site and collect the tokens from a drop page. The pull method is cheaper for the sender and much safer for the recipient because they know where the tokens come from. Finally, legitimate projects will verify and upload their smart contract code to block explorers like Etherscan, which is the only way to find out what’s in a transaction without signing it.
The first thing a user should do when receiving tokens from a web3, metaverse, or blockchain project is to check the project’s official blog and social media channels for an airdrop post, and if none is announced, the received tokens must be processed. as a suspect. It is important to remember that malicious tokens can only attack if they interact with them. While not much can be done for the victims of the Uniswap phishing attack, everyone should immediately be wary of tokens received via a push airdrop as this is not an industry standard method of conducting airdrops and is often used for phishing attacks.
90 Day Fiancé: Winter Shows Weight Loss During Chantel’s Divorce