Key Takeaways
The stolen ETH was laundered through Tornado Cash. The victims were lured by the offering that they could swap a malicious fake token for UNI. Over 70,000 addresses had been sent malicious ERC-20 tokens to steal their assets. Uniswap team states the attack was part of a phishing campaign and not a protocol hack.
Uniswap V3 Liquidity pool gets hit by a phishing campaign that stole roughly 3,278 ether worth of NFT positions or approximately $3.5 million. The phishing attack detected Monday was first brought to attention by Metamask security researcher Harry Denley who tweeted that 73,399 addresses had been sent malicious ERC-20 tokens to steal their assets.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's Activity started ~2H ago 0xcf39b7793512f03f2893c16459fd72e65d2ed00c cc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV — harry.eth