$20 000 USD

NOVEMBER 2020

GLOBAL

UNISWAP

DESCRIPTION OF EVENTS

"Uniswap is an Ethereum exchange, built using smart contracts and liquidity pools, as opposed to the order book of a traditional centralized exchange (CEX), such as Binance. With any Ethereum wallet, users can simply connect to the Uniswap application and effortlessly exchange ERC20 tokens without first sending them to the exchange platform account."

 

"[T]he development of Uniswap was facilitated by Vitalik Buterin’s idea for a decentralized exchange (DEX), which would involve an automated market maker. Actually, the protocol developer himself, Hayden Adams, at first tried to just practice development on Solidity, and later this hobby brought him several grants and $100 000 from the Ethereum Foundation. Now the project went far beyond just entertainment and became one of the most important components of the entire DeFi industry."

 

"At the end of November 2020," "[i]t seems that someone copied Uniswap’s application (UniDEX) and placed it for downloads on the Google Play Store – the online store for applications, music, movies, games, and more for Android users."

 

"The copycat app has received 100 “fake positive reviews,” which seemed sufficient for the victim to input his private key backup phrase. However, a simple search showcases that while the UniDEX application has over 50,000 downloads and 4,000 reviews, the fake app has only 100 downloads and the aforementioned 100 reviews."

 

"The fake application pretends to be the Uniswap's decentralized exchange platform and copies the original web protocol template." "[The] fake application of the decentralized exchange Uniswap appeared on Google Play, [and] stole cryptocurrencies from users." "A fraudulent mobile application claiming to be the Uniswap exchange has reportedly stolen money from an investor." "One of them lost $20,000."

 

"Alex Saunders, founder and CEO of the Australia-based Nuggets News, recently reported that one of his members lost $20,000 to a fake Uniswap mobile application that was listed on the Google Play Store. The app, called “Uniswap DEX,” was published Nov. 10 by a person or entity called Uniswap Inc."

 

"Just had a member of ours lose $20k to a fake @UniswapProtocol mobile App on @GooglePlay store as it has 100 fake positive reviews so he trusted to input private key backup phrase."

 

"The user reportedly entered in their private key backup phrase, thinking they were accessing the Uniswap decentralized exchange, when the theft occurred."

 

"Google Play Store has over a hundred fake reviews giving the malware a 4.5-star rating." "At press time, the app had 123 (likely fake) positive reviews on Google Play Store and was still available for download. More than 100 people have downloaded the app so far." "It has been downloaded over a hundred times and was uploaded by a spurious developer email account called hello@unidex.com." "Reading the reviews, most new comments informed that the application is a scam, with some people claiming to have lost some of their cryptocurrency in the applications."

 

"When trying to report the dodgy app and flag it as inappropriate, Google redirects users into a rabbit warren of pages that fail to accomplish the task of warning the company about the dubious applications on its app store."

A fake Uniswap application showed up in the Google Play application. This application managed to trick at least one user into giving over their seed phrase, costing them roughly $20,000 worth of cryptocurrency. There is no evidence that any funds were recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

Always check and visit the official website of a service. The majority of funds should be stored offline and not on a live wallet application. When setting up a new wallet or upgrading wallet software, never enter your pass phrase or send any funds without first transferring a smaller amount.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.