A recent phishing attack that promised an airdrop of Uniswap tokens has taken over $8M in Ethereum from investors.
- The attack promised users an airdrop of UNI tokens. Users had to connect their wallets and sign a transaction to “claim” the drop, although this allowed a malicious smart contract upon connection to grab users funds.
- The contract was initially deployed on July 11th and so far nearly 74,000 wallets have interacted with the contract. Over 7,573 ETH (~$8,071,000) has been stolen by the hacker. The contract was never verified by Etherscan, which is a key sign of malicious intent.
- The contract was able to steal user’s funds through fronting as an approval transaction, this would, in turn, give the hacker access to tokens held in the Uniswap Liquidity Pool, being able to spend funds on behalf of the user through the approval transaction.
- UNI has dropped almost 10% in the past day, from $6.23 to $5.60 currently.
