Binance CEO CZ Tweets About Uniswap V3 Threat: Was It Hacked? Well, Not Really

Zinger Key Points
  • Sophisticated scammers executed a phishing scam on Uniswap V3 liquidity providers.
  • More than 4,295 Ether ($4.7M) has been stolen from users.

Binance CEO Changpeng Zhao ("CZ") sent a tweet on July 11 alarming the Twitter Inc TWTR community of a potential exploit on Uniswap UNI/USD.

What Happened: Uniswap is among the original DeFi applications on Ethereum ETH/USD. The smart contracts that comprise the protocol hold nearly $5 billion worth of digital assets and has been regarded as bulletproof by DeFi investors due to their relatively simple code.

Zhao also noted in his tweet that 4,295 Ether ($4.7 million) has been drained from Uniswap’s protocol and is currently being laundered through a decentralized application called Tornado Cash.

Shortly after Zhao’s initial tweet, he tweeted a screenshot of a conversation with the Uniswap team. The team notified him that the scam, they believe, was not a problem with the protocol’s code, but rather a sophisticated phishing scam.

How It Happened: The fraudsters were able to change the event data on the blockchain to make it appear that Uniswap was airdropping tokens to those who provide liquidity on the platform. The contract directed investors to a website that looks similar to Uniswap, and once users connected their wallets, their cryptocurrency was drained from their wallets.

Why It Matters: Phishing scams are incredibly common in Web3, as it’s much easier to execute than a hack. Instead of trying to hack a protocol’s code to steal digital assets, fraudsters will trick users into allowing them to access their funds remotely. Not only are these scams common in DeFi, but the majority of "NFT hacks" are also complex phishing scams.

DeFi investors must remain vigilant to avoid the risk of being defrauded online. It’s important to never connect a cryptocurrency wallet to a website that you’re not familiar with, and it’s incredibly important to double-check a website’s domain to be sure it’s the correct page.

Posted In: CryptocurrencyNewsTop StoriesMarketsTechBlockchairChangpeng ZhaoCZDeFiphishTornado CashWeb3