- A cryptocurrency security researcher and developer has helped return $10,000 worth of crypto to a phishing victim
- The victim unwittingly downloaded and used a fake Uniswap app
- If in doubt about the validity of an app, follow links from the company website or social media accounts
A cryptocurrency security researcher has revealed how he worked with Binance to help return $10,000 worth of coins to a phishing victim. Harry Denley, who has stepped in on behalf of phishing victims in the past, recorded his biggest recovery last week and has detailed his exploits in a blog post which highlights the importance of verifying the authenticity of apps.
Cryptocurrency Phishing Attack Uses Fake Uniswap App
Denley explains how the cryptocurrency phishing attack was a sophisticated one that used a replica Uniswap UI (user interface) to steal the victim’s private key, keystore file, and mnemonic phrase:
⚠️ We are seeing this becoming more frequent – web3 phishing is asking users for raw secrets by imitating @metamask_io popups (MetaMask won’t ask for your key like this)#cryptocurrency #security
cc: @BalancerLabs https://t.co/YtYEpDnHDZ pic.twitter.com/UQxhDdoa4T
— harrydenley.eth ◊ (@sniko_) July 9, 2020
The victim downloaded the malicious app which prompted him to connect his MetaMask account to the interface. Once the user entered his details, the fake MetaMask popup gave out an ‘error’, asking for his private key, keystore file, and mnemonic phrase to confirm his ownership. These details were then recorded by the hacker before the unsuspecting victim was forwarded onto the genuine Uniswap interface. In the background however, the hacker was preparing to drain the user of their cryptocurrency.
Denley Regains Wallet Access
Denley naturally keeps the finer points of his methodology to himself, but, as in previous cases, he was able to access the database the hackers were using and take control of the compromised wallet before it could be emptied. Denley realized the victim was a Binance user and contacted the exchange to see if he could reunite the cryptocurrency with the user. Binance put him in touch with the victim and Denley was able to send the funds through to the presumably relieved individual.
Cryptocurrency hacking stories rarely end as well as this, and it is vital that you remember to verify that the apps you are downloading and using are the legitimate ones and not clever mockups. If you are in any doubt, use links provided by the company’s website or through their social media accounts to avoid phishing attacks like this.