Hackers use sandwich attack to steal over $25.2m from Uniswap

Hackers used the sandwich attack to successfully steal approximately $25.2 million worth of crypto from the well-known decentralized crypto market Uniswap. 

Hackers could buy and sell tokens at inflated prices due to the assault, which took advantage of a flaw in Uniswap’s pricing system. This effectively tricked the exchange into sending money to the hackers’ wallets.

Uniswap, a decentralized exchange, faced a significant “Sandwich attack” security compromise. Assets worth $25.2 million were stolen from eight distinct Uniswap pools due to the hack. The incident emphasizes the dangers of using decentralized exchanges and the necessity of exercising caution when interacting with such systems.

The attackers took advantage of a flaw in Uniswap’s smart contract, which allowed them to carry out a series of trades that ultimately allowed them to withdraw money from the vulnerable pools.

8 addresses stole $25.2M assets from 8 #Uniswap pools by #Sandwich attacking.

Including:
– 7,461 $WETH ($13.4M)
– 5.3M $USDC
– 3M $USDT
– 65 $WBTC ($1.8M)
– 1.7M $DAI

And these 8 addresses are funded by @kucoincom. pic.twitter.com/T769G8TgbI

— Lookonchain (@lookonchain) April 3, 2023

The stolen money was tracked to eight different addresses, suggesting that a group of people probably planned the crime. Although the assailants’ names are unknown, the episode highlights the necessity for ongoing caution in the face of more complex attacks.

Numerous MEV bots carried out sandwich trades based on the Etherscan transaction history. Getting other traders to buy or sell the asset is the goal of shifting the price in the desired direction. A validator was then used to replace the reverse transactions.

#PeckShieldAlert The stolen funds (~25M) are mainly located in 3 addresses, 0x3c98…8eb (~20M), 0x5b04…5b6 (~2.3M) and 0x27bf…f69 (~3M)
0x84cB…8D1, 0x88Fd…7EE, 0x94e0…87C, 0x0429…46C, 0xEafc…D1B, 0xCaCE…975, 0x5b04…5b6 and 0x27bf…f69 these 8 addresses were… https://t.co/7g60VX8ica pic.twitter.com/7oFwYSVoyn

— PeckShieldAlert (@PeckShieldAlert) April 3, 2023

Since then, Uniswap has taken action to remedy the attack’s exploited weakness and has asked its users to continue being watchful in guarding their money. Because blockchain technology is decentralized, no centralized authority can intervene to recover monies that have been stolen, emphasizing the need for users to take charge of their own security.

The incident serves as a reminder of the MEV assaults‘ growing threat to the crypto ecosystem. Since automated trading bots have expanded recently, MEV assaults have become more frequent. Developers and users must be on the lookout for such assaults and take precautions to protect their systems.