Cryptocurrency Security: Scammers Target Uniswap & Safe.global
The world of cryptocurrency is known for its security, but even this decentralized world isn’t immune to scams. Cybercriminals are exploiting blockchain protocols to steal funds from unsuspecting investors.
New Blockchain Exploits
Recent research from Check Point Research (CPR) has exposed a new type of scam targeting popular platforms like Uniswap and Safe.global. Attackers are using a method called “multicall2” on Uniswap to disguise their intentions. This function allows them to execute multiple transactions in a single call, masking their true activities from victims.
Similar tactics are used on GnosisSafeProxy contracts. Scammers create contracts that appear legitimate, then use them to carry out fraudulent activities. These scams are difficult to detect, as they manipulate trusted protocols and make their attacks seem like legitimate transactions.
How the Scams Work
These scams exploit the way users interact with blockchain transactions. They leverage the function that allows users to aggregate multiple transactions into a single call. This process usually involves entering the contract address and data to transfer.
Scammers abuse this process by setting Uniswap as the spender address. This tricks victims into thinking they’re using a trustworthy platform, but the transaction actually gives the attackers access to their wallets.
The scammers then use a function called “transferFrom” to withdraw funds on behalf of the victim’s wallet. This function requires approval from the targeted wallet, but the victim is tricked into giving it because they think they are interacting with a legitimate platform.
Similar tactics are used with GnosisSafeProxy, where attackers create fake proxy contracts and convince victims to approve transactions that allow them to steal funds from Safe accounts.
Protecting Yourself
To stay safe, CPR recommends that users:
- Verify all contracts and functions before approving transactions.
- Only interact with official websites to ensure authenticity.
- Stay vigilant about potential scams.
The crypto space is constantly evolving, and so are the tactics used by scammers. Being aware of the risks and taking steps to protect yourself is essential for anyone involved in the crypto world.