VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
More than 70,000 addresses connected to Uniswap were airdropped tokens that tricked users into approving transactions that would allow attackers to control their wallets. The airdrop links users to a phishing site that resembles the real Uniswap site. Users are tricked into signing contracts, and cryptocurrencies and NFTs are stolen from wallets. One of the wallets lost more than $6.5 million worth of ether and bitcoin, and the other lost about $1.68 million worth of cryptocurrency. Attack method (per SlowMist): Phishing attack. Reported loss: $ 12,900,000.
Primary source
https://twitter.com/sniko_/status/1546535668247060481 ↗Sourced from
slowmist
Technical record
- chain
- bitcoin
- protocol
- Uniswap
- bug_class
- phishing
- date_occurred
- 2022-07-11
- loss_usd
- $12,900,000
- source_id
- sm:uniswap::2022-07-11
Related — same bug class· phishing