An exploit on a liquidity pool in Uniswap, a DeFi protocol, resulted in the loss of slightly over $300,000 in Ethereum (ETH).
The loss of $300,000 in ETH, an appreciating asset, is a big dent—and in the face of sophisticated hackers who understand the ins and outs of the protocol, more work needs to be done on the leaky DeFi roof.
Uniswap is a decentralized protocol built on the Ethereum blockchain that facilitates the exchange of Ethereum and tokens via liquidity pools.
Instead of an order book, which has drawn claims of manipulation, the protocol relies on liquidity pools in which participants earn money for supplying any amount of funds as liquidity.
Anyone can create a liquidity pool, which is a market, by providing an equal amount of ETH and an ERC-20 token and setting their ideal exchange rate.
However, today’s exploit was different. Hackers targeted imBTC, a wrapped version of Bitcoin created by imToken in partnership with Tokenlon, a decentralized exchange, and available on Uniswap.
The DEX acknowledged the attack and notified the community that the funds in the imBTC liquidity pool were drained after the hacker used an attack vector affecting tokens derived from the ERC-777 standard on Uniswap.
The good news is that the BTC held in custody wasn’t affected, but imBTC transfers have been temporarily paused while the DEX evaluates the situation.
Like ERC-20, ERC-777 is a standard.
Both co-exist on the Ethereum blockchain, but their tokens have different features serving different needs. The standard is advanced by Jordi Baylina, Jacques Dafflon, and Thomas Shababi.
It seeks to improve on some inefficiencies of the ERC-20 standard, which is popular because of its simplicity but underperforms because it is underpowered.
Still, it is backward compatible with ERC-20 tokens and adds “hooks”, which are payable functions for tokens.
There are no payable functions in ERC-20 tokens, meaning that if one wants to exchange DAI for ETH, for instance, one must initiate one transaction to approve an infinite amount of DAI and another transaction to swap it for ETH.
This is because, under the ERC-20 standard, contract code only executes when it receives ETH, not when it receives tokens.
Because of the “hooks” enabled in the ERC-777 standard, there is no need for double transactions, which eases the free flow of funds between different dapps.
But this exposes dapps to re-entry attacks. Re-entry attacks are not new: this was the exploit the DAO attacker used. This time round, the same exploit is possible with ERC-777 tokens.
The attacker used it to steal $300,000 worth of ETH because, before this attack, Uniswap V1 didn’t support ERC-777, but the last upgrade to V2 introduced ERC-777 support. It didn’t take long for the attacker to figure out the vulnerability and take advantage of it.
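The re-entry risk described above, as an added Python model that is not code from this article, Uniswap or imBTC: a toy pool prices a sale from its token reserve, while a hook-style token hands control to the seller before that reserve is updated. The class names, the constant-product pricing and the sample values are assumptions made for illustration; `guarded=True` adds a re-entrancy lock.

```python
class ReentrancyError(Exception):
    """Raised when the pool is called again while a trade is in progress."""

class HookToken:
    """Toy ERC-777-style token: the sender's hook runs before balances move."""
    def __init__(self):
        self.balances, self.hooks = {}, {}
    def transfer_from(self, src, dst, amount):
        hook = self.hooks.get(src)
        if hook:
            hook(amount)  # control passes to the sender's code here
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class Pool:
    """Toy constant-product pool (hypothetical model, not Uniswap's code)."""
    def __init__(self, token, eth, tokens, guarded):
        self.token, self.eth = token, eth
        self.guarded, self.locked = guarded, False
        token.balances["pool"] = tokens
    def sell_tokens(self, seller, amount):
        if self.guarded and self.locked:
            raise ReentrancyError("pool is mid-trade")
        self.locked = True
        try:
            reserve = self.token.balances["pool"]
            eth_out = self.eth * amount // (reserve + amount)
            self.eth -= eth_out
            # The hook fires in here while the token reserve is still stale.
            self.token.transfer_from(seller, "pool", amount)
            return eth_out
        finally:
            self.locked = False

def run(guarded):
    """Return (total ETH paid for 200 tokens, whether re-entry was blocked)."""
    token = HookToken()
    pool = Pool(token, eth=1000, tokens=1000, guarded=guarded)  # constructed values
    token.balances["seller"] = 200
    received, entered, blocked = [], [], []
    def hook(amount):
        if not entered:
            entered.append(True)
            try:
                received.append(pool.sell_tokens("seller", amount))
            except ReentrancyError:
                blocked.append(True)
    token.hooks["seller"] = hook
    received.append(pool.sell_tokens("seller", 100))
    if blocked:  # second sale must now be a separate, later call
        received.append(pool.sell_tokens("seller", 100))
    return sum(received), bool(blocked)
```

Without the lock the pool pays 172 ETH for 200 tokens because the nested sale is priced against the old reserve; with the lock it pays 165, the same as two ordinary sales. On-chain the rejected nested call would revert the whole transaction, whereas the model catches it so the run can finish.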