Uniswap says phishing scams are a problem "far too common in crypto today" — and is urging its community to be careful.
An estimated $8 million has been stolen after Uniswap liquidity providers fell for a phishing scam.
The decentralized exchange says its infrastructure hasn't suffered an exploit, and that it remains secure to use.
Offering further details about what happened, Uniswap said that the scammer had airdropped malicious tokens to certain wallets.
This subsequently directed users to a fake interface where it was claimed these tokens could be swapped for UNI.
But if unsuspecting victims ended up approving the transaction, the attacker would "have the ability to redeem all of the user's Uniswap v3 LP tokens for their full underlying value."
Uniswap says phishing scams are a problem "far too common in crypto today." Urging the community to remain be careful, it added:
"This is a good reminder for wallets and other interfaces to be vigilant about hiding spam and tokens with URLs in their name."
The DEX stressed airdrops to unofficial domains are highly likely to be phishing attempts — and that, if it was to perform an airdrop, advance notice would be given on a number of official channels.
What Can Be Done?
Uniswap's inventor Hayden Adams was asked what could be done to help prevent such attacks from taking place.
In his eyes, education is crucial — as well as enhancing user interfaces to offer a greater degree of protection. One idea could include hiding unknown tokens that have an URl in the name.
Overall, 73,399 addresses were sent this malicious token that masqueraded as a UNI airdrop.