По информации от главы биткоин-биржи Binance Чанпэн Чжао, исследователи площадки обнаружили потенциальную уязвимость в третьей версии Uniswap (v3). Вскоре оказалось, что речь идет о фишинговой атаке на пользователя, а не об уязвимости протокола.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ ? Binance (@cz_binance) July 11, 2022
Чжао говорит, что злоумышленник вывел из протокола 4295 ETH ($4,6 млн на момент написания) и отправил их в миксер Tornado Cash.
Компания PeckShield заявила, что произошла атака на провайдера ликвидности (LP).
Here is the approve tx. So it is not an exploit on @Uniswap. Instead someone with the UniswapV3 Liquidity Positions got phished to approve on their positions. @cz_binance https://t.co/atwbLoh7J5 https://t.co/LwQQDZZHTs
— PeckShield Inc. (@peckshield) July 11, 2022
О фишинговой кампании впервые сообщил специалист по безопасности Гарри Денли. Он добавил информацию о том, что злоумышленники отправили вредоносные токены под видом аирдропа от Uniswap на более 70 000 адресов.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth ?? (whg.eth) (@sniko_) July 11, 2022
Заинтересованная жертва перенаправляется на мошеннический сайт. Впоследствии хакеры похищают средства.
На данный момент нет точной информации о количестве обворованных пользователей и общей сумме ущерба.
На данный момент есть информация от Чанпэн Чжао и команды Uniswap, что протокол в безопасности.
Connected with the @uniswap team. The protocol is safe.
The attack looks like from a phishing attack. Both teams responded quickly. All good. Sorry for the alarm.
Learn to protect yourself from phishing. Don't click on links. ? pic.twitter.com/FIXebz3iBC
— CZ ? Binance (@cz_binance) July 11, 2022
Missed the Crypto Bull Run? Don't Miss Your Next Big Win!
Try your luck in free slots, make a deposit and win cryptocurrency at the best recommended online casinos! Our website wheretospin.com offers not only the best casino reviews and casino bonuses, but also the opportunity to test your fortune in thrilling games.
Join right now and start your journey to financial freedom with WhereToSpin!
🏜️ Middle East - Premium Gaming Destinations
wheretospininkuwait.com provides a comprehensive selection of trusted online casino reviews افضل كازينو اون لاين for the Middle East region. The platform showcases best bonuses in the region مكافآت الكازينو and regional platforms supporting crypto deposits, including 10bet, Rolling Slots, Dream Bet, Haz Casino, Emirbet, YYY Casino, and Casinia.
For the ultimate premium gaming experience in the UAE, explore Emirates Casino Online - your exclusive gateway to world-class entertainment, generous rewards, and the best UAE casino bonuses!
🌍 South Africa and New Zealand - Top Regional Casinos
In the competitive South African online casino market, wheretospin.co.za highlights top-rated platforms and best SA online casinos such as 10bet and Lemon Casino, offering the most lucrative South African casino bonuses.
Meanwhile, for New Zealand players seeking authentic Kiwi gaming experiences, wheretospin.nz showcases highly recommended NZ online casinos, including Casinia, Lemon Casino, Rolling Slots and Joo Casino, featuring exclusive New Zealand casino bonuses.
🤖 WhereToSpin AI-Powered Casino Matching
Get personalized recommendations with our advanced AI assistance: Best Online Casinos - powered by cutting-edge algorithms to match you with your perfect gaming destination!
Read the real story behind WhereToSpin reviews link.