No, there was no vulnerability in the Uniswap V3 contract
In a recent tweet, Binance CEO Changpeng Zhao admitted that his alert on Uniswap, the biggest decentralized cryptocurrency, was a false alarm.
Earlier today, Zhao tweeted about a “potential exploit” on Uniswap V3 that allowed a hacker to steal 4,295 Ethereum (roughly $5.1 million). His unsettling comment led to a sizeable drop in the price of the native UNI token.
However, blockchain security and data analytics company concluded that the alarm was a false positive, explaining that this was a normal operation of collecting fees and withdrawing the liquidity.
In his follow-up tweet, Zhao clarified that it was a phishing attack after coming into contact with the Uniswap team. The UNI token pared some of its losses after the clarification, but it is still down more than 9% over the last 24 hours, underperforming the rest of the cryptocurrency market.
According to a Reddit post detailing the attack, 7,500 Ethereum ($9.1 million) after the bad actor “airdropped” a malicious token to 73,399 addresses. The attacker managed to steal ERC20 tokens and some non-fungible tokens on top of ETH.
Users who were baited into checking out the fake token were redirected to a Uniswap copycat that asked users to connect their wallets to drain their funds.
The stolen crypto is currently being laundered with the help of the Tornado Cash decentralized mixer protocol.
Uniswap users have been cautioned against interacting with any suspicious tokens in the wake of the recent phishing attack.
In May, the decentralized exchange surpassed $1 trillion in user fees.