Binance CEO Changpeng ‘CZ’ Zhao tweeted about what he believed to be a potential hack on the Uniswap V3 protocol on the Ethereum blockchain. He revealed that the hacker had already stolen around 4,295 ETH and was using Tornado Cash to launder the funds.
CZ used this tweet to warn Uniswap, which he said was one of the few tokens to be listed without any direct contact information. While many applauded CZ’s commitment to the overall security of the crypto ecosystem, others criticized his tweet as “extremely irresponsible“.
Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thankshttps://t.co/OV3g7ayf77
— CZ 🔶 Binance (@cz_binance) July 11, 2022
As later clarified by Uniswap and CZ itself, the Uniswap protocol is completely safe. The hack was actually a successful phishing campaign. Although CZ apologized for this false alert, many experts criticized him as such incidents can create panic in the market.
Uniswap’s native token, UNI, has fallen 9% in the past 24 hours.
Phishing attack on Uniswap
Binance’s CEO revealed that Binance’s threat intelligence system regularly scans public blockchains to reveal any potentially dangerous behavior. The threat intelligence system flagged a set of transactions as exhibiting malicious activity. CZ’s tweet also provided the public address of the malicious party.
Harry Denley, security researcher at Metamask, revealed that a total of 73,399 addresses were targeted by the phishing attempt, under the false impression of a $UNI airdrop. He also described that the phishing attempt managed to pass itself off as an attempt toUniswap V3: NFT Locations.
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's
Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00ccc: @Uniswap @etherscan pic.twitter.com/5W51AikFuV
— harry.eth 🦊💙 (whg.eth) (@sniko_) July 11, 2022
Samczsun, another security expert, called the attempt a highly successful phishing attack. The attacker then uses Tornado Cash, a privacy tool, to launder the stolen funds.
How did the @wormholecrypto exploit work? I joined forces with @gf_256 and @ret2jazzy to reverse engineer the exploit, and now that it's been patched we can finally share it with you👇 pic.twitter.com/lXwD0GLZ3N
— samczsun (@samczsun) February 3, 2022
Experts call CZ irresponsible
ChainLinkGod.eth, a ChainLink Community Ambassador, called CZ’s behavior irresponsible, pointing out that misinformation spreads very fast. Frank Chaparro, host of The Scoop Podcast, shared similar sentiments.
Their fears of panic and misinformation are not unfounded. Major influencers repeated the news that Uniswap was hacked when it was actually a phishing attack. The weekend. eth and ap3fathertwo major crypto influencers, fell into the same trap and called on their followers not to use Uniswap.
To display Hide the table of contents