Facebook Twitter Instagram
    247CareerHub
    • Jobs in Nigeria 2023/2024: June Recruitment & Job Vacancies
    • Jobs
    • Scholarships
    • School News
    • Reality TV
    • Career
    • Articles
    • Contact
    • About
    Facebook Twitter Instagram
    247CareerHub
    Home»Career»Uniswap Crypto Phishing Attacker Steals $8M How To Avoid Getting Phished
    Career

    Uniswap Crypto Phishing Attacker Steals $8M How To Avoid Getting Phished

    CareerHubBy CareerHubJuly 13, 2022No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    A crypto scammer hit over 73,000 Uniswap LPs, stealing over $8M using malicious airdropped tokens. Here’s how to avoid a phishing attack.

    Over 73,000 Uniswap liquidity providers (LPs), users who provide the tokens used for trading on the Uniswap protocol, just learned a harsh lesson about a classic scam. Crypto is notorious for being a hunting ground for scammers and hackers, and one of the most effective strategies is phishing attacks. Because cryptocurrencies and NFTs are protected by the impenetrable security of blockchain technology, the easiest way to steal blockchain assets is through trickery.

    In Web 2.0, a phishing attack is a type of hack that usually involves a fake email with an attachment containing a virus that attacks the recipient’s device or, worse, quietly sits in the background and gathers their personal data. In Web 3.0, a phishing attack is often a fake front-end website cloned from a real crypto project designed to trick the user into signing a malicious smart contract that transfers their crypto holdings to the attacker’s wallet, and can come in the form of an email (if known) or through a malicious token. Victims are lured in by the promise of an “airdrop” – free distribution of tokens commonly issued as a reward for early users, and the malicious code is executed when they claim the airdrop. Unlike a pump-and-dump crypto scam, a phishing attack uses a smart contract to directly steal a victim’s holdings from their wallet.

    Also Check: VW And Audi Join Redwood Materials EV Battery Recycling Program

    According to CoinDesk, the Uniswap attacker transferred fake Uniswap LP tokens into users’ wallets to trick them into believing they received an airdrop from Uniswap, and upon investigation were led to a fake website that was a Uniswap clone. The website prompted them to connect their wallet and sign a transaction to trade their LP tokens for UNI tokens, thus completing the airdrop. Instead, it executed malicious code and stole all of their real Uniswap LP tokens. One user, who was providing WBTC and USDC, lost more than $8 million to the attack.

    Don’t Touch Randomly Airdropped Tokens

    Conducting a cryptocurrency scam is not hard. It is relatively easy to design and deploy a malicious smart contract, clone an open-source front-end, and then send the infected tokens to all potential victims. These victims will investigate where the tokens came from, as the tokens do show up on Etherscan and have a dollar value, and in following the tokens’ website URL will be presented with a page requiring them to connect their wallet and sign a transaction to claim their airdrop. It is necessary to do cursory research prior to signing any transactions promising free crypto, especially for large projects like Uniswap, and treat all free crypto as a potential scam.

    If a respected protocol like Uniswap is going to conduct an airdrop, it will make an announcement on its blog and official social media channels. Legitimate crypto projects also very rarely conduct airdrops by “pushing” the tokens to their recipients, as it is expensive and unsafe to do. Instead, it is standard to use a “pull” method of delivery, where recipients go to the official website and collect the tokens from an airdrop page. The pull method is cheaper on the sender and much safer for the recipient, as they know where the tokens came from. Finally, legitimate projects will verify and upload their smart contract code on block explorers like Etherscan, which is the only way to know what’s in a transaction without signing it.

    Also Check: Check Out The Samsung Galaxy S22 In Bora Purple

    The first thing a user should do if they receive tokens from a Web3, metaverse, or blockchain project is to check the project’s official blog and social media channels for a post about an airdrop, and if none is announced then the tokens received should be treated as suspicious. It is important to remember that malicious tokens can only attack if they are interacted with. While there isn’t much that can be done for the victims of the Uniswap phishing attack, everyone else should be immediately suspicious of tokens received via a pushed airdrop, as this is not an industry-standard way of conducting airdrops and is often used for phishing attacks.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    CareerHub
    • Website

    Related Posts

    Nestoil Recruitment 2023 October (8 Vacancies), Jobs & Careers Portal

    June 10, 2023

    US Embassy Recruitment 2023 October (10 Vacancies), Jobs & Careers Portal

    June 9, 2023

    UNICEF Recruitment 2023 October (3 Vacancies), Jobs & Careers Portal

    June 9, 2023

    Leave A Reply Cancel Reply

    Search
    Facebook Twitter Instagram Pinterest
    • Jobs in Nigeria 2023/2024: June Recruitment & Job Vacancies
    • Jobs
    • Scholarships
    • School News
    • Reality TV
    © 2023 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.