Connect with us
Active Currencies 16235
Market Cap $3,477,996,929,354.00
Bitcoin Share 55.23%
24h Market Cap Change $-2.95

Yield farming project scams Ethereum users of $200,000 worth of Uni

2min Read

Share this article

A research conducted by Alex Manuskin, at ZenGo revealed today on twitter that “yield farming” project UniCats allegedly stole nearly $200,000 worth of Uniswap (UNI) tokens from several ethereum users. 

Manuskin believed that UniCats added a “backdoor” to the yield farming smart contract which allowed the platform to have complete control over its users’ tokens even after users withdrew it from the farming pool.

Manuskin illustrated how an anonymous user, named “Jhon Doe” for privacy reasons, apparently lost $140,000 worth of UNI as a result of this scam. The researcher believed that Doe would have fallen for the scam under the assumption that farming with UniCats would lead to “the next YFI” like success. 

It is typical of yield farming Dapps to ask for users’ permission to spend an infinite number of tokens, and the user in question consented to a similar request seen in the image below: 

Image Source: @amanusk

After this, the researcher used an etherscan tracking report to indicate that the user would have farmed “some $MEOW,” and then decided to pull out all of the UNI tokens from the pool. Manuskin explained the process in a tweet: 

What Jhon doesn’t know, is that once you approve the contract to use ∞ tokens, the contract can take their tokens at any time. Even after they were withdrawn from the farming scheme.

In fact, to cover their tracks, UniCats developers created new smart contracts “for each new victim” and that the developers moved bulks of stolen 100ETH into Tornado Cash, an experimental software and a privacy mixer for Ethereum which make the process of tracking the destination of funds extremely difficult. 

In his research, Manuskin mentioned that this scam would be a first, especially to take advantage of their own farming pools protocols. Recently, Bancor, a decentralized liquidity provider, was under attack by hackers who found a similar backdoor vulnerability on its smart contract protocol, which led to a loss of user funds. 

Share

Alisha is a full-time journalist at AMBCrypto. Her interests lie in blockchain technology, crypto-crimes, and market developments in Africa and the United States
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.