Alert: Phishing Attacks Utilize Genuine Uniswap Contracts to Drain Crypto Wallets
A new approach is being used by scammers to drain wallets and carry out sophisticated phishing attacks. They are exploiting the Multicall feature of Uniswap V3, which is a legitimate feature, to bypass security measures. Unfortunately, this strategy recently resulted in a victim losing 85 Lido ETH to the fraudulent actions of the hackers.
So, how did the hacker manage to do this? The victim’s experience highlights the growing trend of hackers misusing Permit signatures to make themselves appear as the Uniswap Multicall contract for unauthorized asset transfers. Scam Sniffer, a Web3 anti-scam platform, alerted the community to this latest scam. By utilizing Multicall’s aggregate function, which includes permit and transfer features, the wallet drainer executed the transaction stealthily and successfully. The victim lost 85 Lido ETH, which is equivalent to approximately 269,620 USD according to market rates.
To avoid being detected by Miner Extractable Value (MEV) bots, the attacker also conducted checks to authenticate the originating address. This made their activity more difficult to identify and increased the challenge of countermeasures.
In response to this incident, developers have activated a new version of the Multicall contract with enhanced permission checks to prevent future front-running attempts. It is crucial for crypto users to exercise caution and not grant token approval to Uniswap Multicall or similar contracts. Phishing attacks can be particularly challenging to combat in a permissionless environment, where ERC token approval is a fundamental feature.
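The advice above, not granting token approval to Multicall-style contracts, can be enforced before a wallet shows a request for signing. The following is an added example, not code from Uniswap or Scam Sniffer: it assumes EIP-2612 style Permit typed data and the standard ERC-20 approve call, and every address in it is a constructed placeholder.

```javascript
// Constructed placeholders, not real contract addresses.
const MULTICALL = "0x" + "11".repeat(20); // stands in for a Multicall-style contract
const TOKEN = "0x" + "22".repeat(20);
const OWNER = "0x" + "33".repeat(20);
const SHARED_EXECUTORS = new Set([MULTICALL]);
const APPROVE_SELECTOR = "0x095ea7b3"; // ERC-20 approve(address,uint256)

// Returns { spender, via } when the request grants an allowance, otherwise null.
function grantOf(request) {
  if (request.method === "eth_signTypedData_v4") {
    const raw = request.params[1];
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (typed.primaryType !== "Permit" || !typed.message.spender) return null;
    return { spender: typed.message.spender.toLowerCase(), via: "permit signature" };
  }
  if (request.method === "eth_sendTransaction") {
    const data = (request.params[0].data || "").toLowerCase();
    // selector (10 chars with 0x) + two 32-byte ABI words (128 hex chars)
    if (!data.startsWith(APPROVE_SELECTOR) || data.length < 138) return null;
    // The spender is the low 20 bytes of the first word.
    return { spender: "0x" + data.slice(34, 74), via: "approve transaction" };
  }
  return null;
}

// Blocks any allowance whose spender is on the shared-executor list.
function reviewRequest(request) {
  const grant = grantOf(request);
  if (!grant) return { block: false, reason: "no allowance granted" };
  if (SHARED_EXECUTORS.has(grant.spender)) {
    return { block: true, reason: grant.via + " names a Multicall-style contract as spender" };
  }
  return { block: false, reason: grant.via + " to " + grant.spender };
}

// Constructed sample requests.
const SAMPLE_PERMIT = {
  method: "eth_signTypedData_v4",
  params: [OWNER, JSON.stringify({
    primaryType: "Permit",
    domain: { verifyingContract: TOKEN, chainId: 1 },
    message: { owner: OWNER, spender: MULTICALL, value: "85000000000000000000", nonce: 0, deadline: 1999999999 },
  })],
};
const SAMPLE_APPROVE = {
  method: "eth_sendTransaction",
  params: [{ from: OWNER, to: TOKEN, data: APPROVE_SELECTOR + "0".repeat(24) + "11".repeat(20) + "f".repeat(64) }],
};
```

Both the off-chain Permit signature and the on-chain approve transaction are checked, since either one hands the spender control over the token balance.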
As the crypto ecosystem continues to evolve, it is essential to remain vigilant and adhere to best security practices. This includes avoiding interactions with malicious actors and maintaining trust in the decentralized finance system. Stay informed and stay safe!