KEY POINTS

  • 73,399 addresses received malicious ERC-20 tokens dubbed UniswapLP
  • The token's sole purpose is to drain crypto wallets of their assets
  • The incident was a phishing attack, and not a potential Uniswap V3 hack as CZ initially tweeted

Binance CEO Changpeng Zhao, more popularly known as CZ on Crypto Twitter, has said that the crypto exchange's threat intel detected a potential Uniswap V3 exploit. It turns out that sophisticated scammers have been able to siphon more than $4.7 million worth of ETH from one of Ethereum's DeFi apps.

The CEO asked Crypto Twitter on Monday if someone could notify the DeFi app Uniswap that Binance's in-house security team had detected a possible exploit in Uniswap V3. The DeFi app is considered one of the largest decentralized crypto exchanges by transaction volume and is one of the leaders in decentralized finance.

The team apparently uncovered that the "hacker" stole 4,295 ETH, which is around $4.7 million based on the current price of Ethereum. CZ also noted that the loot was being washed through the non-custodial privacy solution Tornado Cash.


"Our threat intel detected a potential exploit on Uniswap V3 on the ETH blockchain. The hacker has stolen 4295 ETH so far, and they are being laundered through Tornado Cash. Can someone notify @Uniswap? We can help. Thanks," the tweet read.

CZ later shared a screenshot of his conversation with the Uniswap team following his initial tweet. The team informed the CEO that the incident was not actually an issue in the protocol's code but rather a sophisticated version of a phishing scam. It turned out that while it was not a hack on the V3, the scammers manipulated the event data so that the From field shown in the blockchain transaction explorer made it look like Uniswap was airdropping tokens.
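The From field an explorer shows for a token transfer comes from the event the token contract itself emits, so it is contract-controlled data rather than proof of who sent anything. The following added example (not from the article or from Uniswap) sketches one detection heuristic for that pattern; every address, the label table and the token allowlist are constructed placeholders and assumptions.

```python
# ERC-20 Transfer(address,address,uint256) event signature hash (topic 0).
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real on-chain addresses.
BRAND_ADDR = "0x" + "11" * 20   # address an explorer labels as the trusted brand
KNOWN_TOKEN = "0x" + "22" * 20  # token contract the brand really deployed
FAKE_TOKEN = "0x" + "33" * 20   # unknown contract emitting the airdrop logs
SCAMMER = "0x" + "44" * 20      # account that actually sent the transaction
VICTIM = "0x" + "55" * 20

LABELLED = {BRAND_ADDR: "BrandDeployer"}  # hypothetical explorer label table
ALLOWLISTED_TOKENS = {KNOWN_TOKEN}        # hypothetical allowlist of real tokens


def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def decode_transfer(log):
    """Decode one log in eth_getLogs shape, or return None if not an ERC-20 Transfer."""
    topics = log.get("topics", [])
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    data = log.get("data", "0x")
    return {"token": log["address"].lower(),
            "from": topic_to_address(topics[1]),
            "to": topic_to_address(topics[2]),
            "value": int(data, 16) if data not in ("", "0x") else 0}


def spoofed_sender_findings(tx_sender, logs):
    """Flag Transfer logs whose 'from' names a labelled address although that
    address did not send the transaction and the emitting token is not allowlisted."""
    findings = []
    for log in logs:
        t = decode_transfer(log)
        if t is None or t["token"] in ALLOWLISTED_TOKENS:
            continue
        label = LABELLED.get(t["from"])
        if label and t["from"] != tx_sender.lower():
            findings.append((t["token"], label, t["to"], t["value"]))
    return findings


def make_log(token, sender, recipient, value):
    """Build a constructed sample log (not captured chain data)."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "data": hex(value),
            "topics": [TRANSFER_TOPIC, pad(sender), pad(recipient)]}
```

The only authenticated fields in a log are the emitting contract address and the transaction sender; a finding here means the displayed sender disagrees with both.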

In the cryptocurrency industry, airdrop or airdropping refers to a marketing stunt that involves sending crypto assets to wallet addresses to promote the token.

The investors were then rerouted to a website that looked like Uniswap but was not, and as soon as users connected their wallets, the scammers drained them.

The incident was first discovered by Harry Denley, a MetaMask security researcher who shared the exploit on Twitter as early as Monday. According to him, 73,399 addresses received malicious ERC-20 tokens dubbed UniswapLP with the sole purpose of stealing the assets of the recipients.

Those curious about the new token clicked the link, but unknown to them, they were redirected to a website that appeared to let them swap the new airdropped tokens for UNI, the native token of Uniswap. In reality, users were in the command center of the scammers, who did their absolute best to drain crypto wallets.