The head of the Binance bitcoin exchange Changpeng Zhao reported that researchers at the site discovered a potential vulnerability in the third version of Uniswap (v3). However, it later turned out that it was a phishing attack on the user and not a protocol vulnerability.
Zhao’s report said the attacker took 4,295 ETH ($4.6 million at the time of writing) out of the protocol and sent it to a Tornado Cash mixer.
PeckShield said there was an attack on the liquidity provider (LP).
One of the first to report on the phishing campaign was security specialist Harry Denly. He noted that attackers sent malicious tokens under the guise of an airdrop from Uniswap to more than 70,000 addresses.
Victims interested in the tokens are redirected to the fraudulent site. Subsequently, the hackers steal the funds.
The number of affected users and the total amount of damage are not yet known.
Uniswap protocol creator Hayden Adams confirmed that it was a phishing campaign. He advised not to click on links that might be malicious.
Changpeng Zhao said he had contacted the Uniswap team and confirmed that the protocol was safe.