No, there was no vulnerability in the Uniswap V3 contract
one in Recent TweetBinance CEO Changpeng Zhao admitted that his alert on the largest decentralized cryptocurrency, Uniswap, was a false alarm.
Earlier today, Zhao tweeted about a “potential exploit” on Uniswap V3 that allowed a hacker to steal 4,295 Ethereum (about $5.1 million). His disturbing remarks caused a massive drop in the price of the native UNI token.
However, the blockchain security and data analytics firm concluded that the alarm was a false positive, explaining that it was a normal operation to collect fees and withdraw liquidity.
In his follow-up tweet, Zhao clarified that it was a phishing attack after coming into contact with the Uniswap team. The UNI token eased some of its losses following the clarification, but it is still down more than 9% over the past 24 hours, underperforming the rest of the cryptocurrency market.
According to a Reddit post detailing the attack, 7,500 Ethereum ($9.1 million) after the bad actor “airdropped” malicious tokens to 73,399 addresses. The attacker managed to steal ERC20 tokens and some non-fungible tokens on top of ETH.
Users who were provoked to investigate counterfeit tokens were redirected to a Uniswap copycat that asked users to connect their wallets to withdraw their funds.
The stolen crypto is currently being laundered with the help of the Tornado Cash decentralized mixer protocol.
In the wake of the recent phishing attack, Uniswap users have been cautioned against interacting with any suspicious tokens.
In May, the decentralized exchange crossed $1 trillion in user fees.