
    Phishing Attack Steals $8 Million Worth of Cryptocurrency

    Scammers stole $8 million worth of Ethereum from users of the Uniswap cryptocurrency exchange, according to Sujith Somraaj at Decrypt. Notably, the attackers relied purely on social engineering to pull off the theft, despite some early claims that they exploited a vulnerability in Uniswap’s underlying protocol.

    “The phishing scam promised a free airdrop of 400 UNI tokens (worth approximately $2,200),” Somraaj writes. “Users were asked to connect their crypto wallets and sign the transaction to claim the malicious airdrop. Upon connection, the unknown hacker grabbed user funds through a malicious smart contract.”

    The scammers used this malicious contract to trick the victims into granting access to their cryptocurrency.

    “Notably, the code was not verified for the smart contract deployed on Etherscan—something most legitimate projects do,” Somraaj says. “After deployment, for collecting their airdropped tokens, the hacker tricked users into signing a transaction. Instead, this transaction served as an approval transaction, giving the hacker access to all the Uniswap LP (Liquidity Pool) tokens held by the user.”

    Somraaj explains how the attackers were able to gain access to the funds.

    “Whenever users add liquidity to Uniswap, they receive LP tokens in return as a representation of their liquidity positions,” Somraaj writes. “These tokens are transferable and use the ERC-721 token standard, like all other NFTs. Hence through an approval transaction, a third-party (the hacker wallet in this case) could spend funds on behalf of the user. After gaining access from the previous approval transaction, the hacker transferred all the LP tokens to his wallet and withdrew all the liquidity from Uniswap.”
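
An approval of the kind described above is visible in a transaction's calldata before it is signed. The following Python code is an added example, not code from Decrypt, Uniswap or any wallet: it decodes the two standard approval calls (`setApprovalForAll` and `approve`) and flags a grant to an operator the user does not already trust. The function names, the `trusted` parameter and the sample transaction are assumptions constructed for illustration.

```python
# Added example: classify raw calldata before a wallet signs it.
# A selector is the first 4 bytes of keccak256(function signature).
APPROVAL_SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
}
ZERO_ADDRESS = "0x" + "00" * 20

def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word after the selector."""
    word = data[4 + 32 * index: 36 + 32 * index]
    if len(word) != 32:
        raise ValueError(f"calldata too short for argument {index}")
    return word

def _address(word: bytes) -> str:
    # ABI-encoded addresses are left-padded with 12 zero bytes.
    if word[:12] != bytes(12):
        raise ValueError("non-zero padding in address argument")
    return "0x" + word[12:].hex()

def classify_calldata(calldata_hex: str, trusted=frozenset()) -> dict:
    """Describe what signing this calldata would authorise.

    `trusted` holds lowercase operator addresses the user already relies on.
    """
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    selector = data[:4].hex()
    function = APPROVAL_SELECTORS.get(selector)
    if function is None:
        return {"kind": "other", "selector": selector, "risk": "unknown"}
    spender = _address(_word(data, 0))
    value = int.from_bytes(_word(data, 1), "big")
    result = {"kind": "approval", "function": function, "spender": spender}
    if selector == "a22cb465":
        result["grants_all_tokens"] = value != 0
        revoking = value == 0  # setApprovalForAll(operator, false)
    else:
        result["token_id_or_amount"] = value
        revoking = spender == ZERO_ADDRESS  # ERC-721 clears approval this way
    if revoking:
        result["risk"] = "low"
    else:
        result["risk"] = "review" if spender in trusted else "high"
    return result

# Constructed sample: setApprovalForAll(0xabab...ab, true)
SAMPLE_OPERATOR = "0x" + "ab" * 20
SAMPLE_CLAIM_TX = "0xa22cb465" + "00" * 12 + "ab" * 20 + "00" * 31 + "01"
```

A "claim" page whose transaction classifies as an approval with `grants_all_tokens` set, for an operator outside the trusted set, is asking for control over every token in that collection rather than delivering anything.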

    People should always be wary when they see offers that seem too good to be true, particularly when cryptocurrency is involved. We tend to think of cryptocurrency transactions as something individual speculators engage in, but increasingly they touch many businesses as well. They’re novel enough that employees may find themselves gulled through simple unfamiliarity. New-school security awareness training can give your employees a healthy sense of suspicion so they can thwart social engineering attacks.

    Decrypt has the story.
