Uniswap Hack: Exploitation of Multicall Results in Phishing Attack, Resulting in the Loss of 85 Lido ETH


Important Information for Cryptocurrency Users: Hackers Exploiting Uniswap Multicall Feature in Phishing Attacks

Be cautious, cryptocurrency users! Hackers are becoming more cunning in their tactics. They have now resorted to using Multicall, a legitimate feature of Uniswap V3, to carry out advanced phishing attacks and bypass security measures. This new strategy has recently resulted in the loss of 85 Lido ETH for one unfortunate victim who fell prey to their fraudulent actions.

Curious to learn how these scams work and how to protect yourself? Keep reading to find out!

Revealing the Sneaky Tactics: How Are They Doing It?

The victim’s experience sheds light on how hackers are exploiting Permit signatures to pose as the Uniswap Multicall contract and transfer assets without permission. Scam Sniffer, a web3 anti-scam platform, alerted the community about this latest scam. By utilizing Multicall’s aggregate function, which includes permit and transfer features, the hacker was able to execute the transaction discreetly and successfully drain 85 Lido ETH from the victim’s wallet. At current market rates, this amounts to nearly $269,620.
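For defenders, the permit-then-transfer pattern described above can be checked by decoding the inner calls of an aggregate transaction instead of trusting the outer contract address. The sketch below is an added example, not code from Scam Sniffer or Uniswap; it assumes the entry point is the standard `aggregate((address,bytes)[])`, uses the standard EIP-2612 `permit` and ERC-20 `transferFrom` selectors, and the helper names and all addresses are constructed placeholders.

```python
AGGREGATE = bytes.fromhex("252dba42")      # aggregate((address,bytes)[])
PERMIT = bytes.fromhex("d505accf")         # EIP-2612 permit(owner,spender,value,deadline,v,r,s)
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(from,to,amount)

def word(buf, off):
    if off + 32 > len(buf):
        raise ValueError("truncated calldata")
    return int.from_bytes(buf[off:off + 32], "big")

def addr(buf, off):
    return "0x%040x" % (word(buf, off) & (2**160 - 1))

def decode_aggregate(calldata):
    """Return [(target, inner_calldata)] for an aggregate((address,bytes)[]) call."""
    if calldata[:4] != AGGREGATE:
        raise ValueError("not an aggregate() call")
    args = calldata[4:]
    base = word(args, 0) + 32                  # first word after the array length
    calls = []
    for i in range(word(args, base - 32)):
        t = base + word(args, base + 32 * i)   # tuple offsets are relative to base
        d = t + word(args, t + 32)             # bytes offset is relative to the tuple
        n = word(args, d)
        if d + 32 + n > len(args):
            raise ValueError("truncated calldata")
        calls.append((addr(args, t), args[d + 32:d + 32 + n]))
    return calls

def review(multicall, calldata):
    """Findings for a transaction sent to `multicall` (lower-case 0x address)."""
    approved, findings = set(), []
    for token, inner in decode_aggregate(calldata):
        sel, body = inner[:4], inner[4:]
        if sel == PERMIT and addr(body, 32) == multicall:
            approved.add((token, addr(body, 0)))
            findings.append(f"permit: {addr(body, 0)} approves Multicall on {token}")
        elif sel == TRANSFER_FROM and (token, addr(body, 0)) in approved:
            findings.append(f"drain: {token} from {addr(body, 0)} to {addr(body, 32)}")
    return findings

def u(n):
    return n.to_bytes(32, "big")

def sample(spender):
    """Constructed calldata: placeholder addresses, dummy signature values."""
    token, victim, thief = (int(c * 20, 16) for c in ("bb", "cc", "dd"))
    amt = u(85 * 10**18)
    inner = [PERMIT + u(victim) + u(int(spender, 16)) + amt + u(2**32) + u(27) + u(1) + u(2),
             TRANSFER_FROM + u(victim) + u(thief) + amt]
    tuples = [u(token) + u(64) + u(len(d)) + d + b"\0" * (-len(d) % 32) for d in inner]
    return AGGREGATE + u(32) + u(2) + u(64) + u(64 + len(tuples[0])) + b"".join(tuples)
```

Calling `review(mc, sample(mc))` with any placeholder Multicall address `mc` returns one permit finding and one drain finding; the same check applied earlier, to a Permit signature request whose spender is a Multicall-style contract, catches the problem before anything is signed.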

[1/6] ⚠️ Wallet drainers are now using legitimate contracts like Uniswap V3’s Multicall to bypass wallet security alerts for phishing attacks.
A victim lost 85 Lido ETH to such tactics 5 days ago.
pic.twitter.com/7MsdP5qSVk
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer)
May 5, 2024

To avoid detection by MEV (Miner Extractable Value) bots, the attacker conducted checks to verify the authenticity of the originating address. This masked their activity and made the identification process more challenging.

Despite the introduction of various countermeasures to combat this type of threat, front-running remains a significant barrier.

Are You Taking the Necessary Precautions?

In response to these incidents, developers have activated a new version of the Multicall contract with enhanced permission checks to prevent future front-running attempts. It is crucial for crypto users to act cautiously and refrain from approving token transfers for Uniswap Multicall or similar contracts.

As the ERC token approval function is inherent to the nature of a permissionless environment, combating phishing attacks can be quite challenging.

As the crypto ecosystem continues to evolve, it is essential to stay informed about the best security practices. This includes avoiding malicious actors and maintaining trust in the decentralized finance system. Stay informed and stay safe!


Staying informed is of utmost importance! How do you keep yourself updated on the latest crypto security risks? Share your tips.
