DeFi Trader Loses $1.2M to Phishing Attack on Fake Uniswap Site

The victim unknowingly approved a malicious transaction on a fake Uniswap site that granted control of their assets to a phishing contract

Jonathan Agozie•July 22, 2025

A decentralized finance (DeFi) trader lost $1.23 million in Uniswap V3 NFTs after signing a malicious smart contract on a counterfeit Uniswap platform. The incident occurred on Monday, July 21, and highlights the growing number of phishing threats targeting cryptocurrency users.

🚨 ALERT: Someone lost $1.23M worth of Uniswap V3 Position NFTs after signing a phishing transaction. 💸 pic.twitter.com/nHcFWMNvdn
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 21, 2025

The victim visited a fake site designed to mirror Uniswap’s interface. Believing it to be legitimate, they approved a transaction that silently granted control of their assets to a phishing contract.

Scam Used Multicall and Approval Functions

Blockchain security firm Scam Sniffer traced the breach to a malicious “multicall” transaction embedded with a “setApprovalForAll” command. This approval allowed the attacker to transfer out the victim’s Uniswap V3 Positions NFT without resistance.

Once the contract was approved, the scammer moved the NFTs and quickly withdrew them. The theft was completed in a single sequence of on-chain interactions.

These kinds of phishing attacks continue to spread across decentralized platforms. Fake frontends and smart contract abuse are common tools for draining user wallets.

According to Scam Sniffer, similar scams often exploit the way users sign transactions without checking the underlying contract functions. In this case, the approval gave blanket access to the victim’s NFTs, which were then irreversibly taken.

In a separate case, another DeFi user lost around $1.6 million in stablecoins after repeatedly encountering phishing prompts. The attacker used multiple steps to request approvals, eventually draining crypto assets such as sUSDf and USDe.

Another user fell for a “permit” scam involving USD0++, worth roughly $340,000. This method abused the ERC-20 permit function, which allows approvals via signature without a separate on-chain approval.

Notably, these incidents underscore the importance of users recognizing phishing patterns and verifying contract interactions. Simple steps, such as verifying domain names, avoiding sponsored links, and reviewing transaction data, can help mitigate the risk of wallet compromise.

Get Trending Crypto News as It Happens. Follow CoinTab News on X (Twitter) Now

Jonathan Agozie

Jonathan Agozie is a writer dedicated to delivering clear, well-researched, and technically accurate content on blockchain, cryptocurrency, and Web3 technologies. With a strong background in these fields, he simplifies complex topics for a broad audience, ensuring clarity without compromising depth.