Uniswap Sandwich Assault Sees over $25M Lost to Hacker

The Uniswap decentralized exchange (DEX) platform had a severe security compromise recently. A tweet from Lookonchain claims that a “Sandwich assault” resulted in the theft of $25.2 million worth of assets from eight Uniswap pools.

As much as $13.4 million in WETH, $3 million in USDC, $1.8 million in USDT, and 1.7 million in DAI were stolen from eight separate Uniswap pools that were attacked. The stolen cash originated from the cryptocurrency exchange KuCoin and was sent to eight different addresses.

8 addresses stole $25.2M assets from 8 #Uniswap pools by #Sandwich attacking.

Including:
– 7,461 $WETH ($13.4M)
– 5.3M $USDC
– 3M $USDT
– 65 $WBTC ($1.8M)
– 1.7M $DAI

And these 8 addresses are funded by @kucoincom. pic.twitter.com/T769G8TgbI

— Lookonchain (@lookonchain) April 3, 2023

An increasingly common kind of assault is the “Sandwich attack,” which includes putting two transactions on the same block with the intention of freezing the price of the asset being attacked. As a result, the malicious actor may carry out the second transaction at a cheaper rate and benefit from the spread.

Although the specifics of the assault have yet to be published, there is the possibility that the perpetrators used flash loans to artificially inflate or deflate the value of the stolen assets. A flash loan is a short-term unsecured loan that requires repayment in the same transaction as the loan was taken out.

What now?

The event serves as a reminder of the dangers of relying on decentralized exchanges and the need for rigorous security measures. While though Uniswap’s decentralized structure makes it attractive to cryptocurrency traders, the recent hack serves as a sobering reminder that no platform is completely secure.

While no official comment has yet been issued by KuCoin, it is probable that the exchange will attempt to identify and punish those guilty. Until then, Uniswap customers should be on the lookout for any unusual activity in their accounts.

Source