Decentralized cryptocurrency exchange Uniswap has been impacted by an advanced phishing attack that used free UNI tokens as lures, resulting in nearly $8 million in losses, BleepingComputer reports. Attackers behind the scheme airdropped an ERC20 token to 73,399 users holding UNI tokens in an attempt to redirect recipients to the "uniswaplp[.]com" website. Victims were then lured into granting approval rights to the site's operator, which appeared as "Uniswap V3: Positions NFT," leading to the theft of 7,574 ETH, with 7,500 ETH immediately transferred to the Tornado Cash service. Check Point researchers noted that the threat actors had modified the contract's emit function with fraudulent data to facilitate the scheme: because the address reported by the emit function is not validated against the address of the actual sender, the function could be exploited to impersonate entities within the transaction log. The Uniswap phishing domain has already been added to MetaMask's warning list.
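A defender-side check for the log impersonation described above, as an added example that is not code from BleepingComputer, Check Point or Uniswap: it flags Transfer events whose claimed sender is a labelled address that did not take part in the transaction. The function names, the watchlist and every address are constructed for illustration, and the check assumes only the transaction's `from`/`to` fields and its logs are available (no call trace).

```python
# Added example. Every address below is a constructed placeholder.
# keccak256("Transfer(address,address,uint256)"): topic0 of ERC-20/721 Transfer
TRANSFER_TOPIC0 = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO = "0x" + "00" * 20

def pad(addr):
    """Left-pad a 20-byte address into a 32-byte indexed topic."""
    return "0x" + "00" * 12 + addr[2:]

def topic_address(topic):
    """Recover the address from the low 20 bytes of an indexed topic."""
    return "0x" + topic[-40:].lower()

def impersonated_senders(tx, logs, labelled):
    """Return Transfer logs whose claimed sender is a labelled address that is
    neither the tx sender, the tx target, nor the emitting contract."""
    labels = {a.lower(): name for a, name in labelled.items()}
    involved = {tx["from"].lower(), (tx.get("to") or "").lower(), ZERO}
    findings = []
    for log in logs:
        topics = log["topics"]
        if len(topics) < 3 or topics[0].lower() != TRANSFER_TOPIC0:
            continue  # not a Transfer event with indexed from/to
        claimed = topic_address(topics[1])
        if claimed in involved or claimed == log["address"].lower():
            continue  # sender, target, mint or the token itself: consistent
        if claimed in labels:
            findings.append({"token": log["address"], "claimed_from": claimed,
                             "label": labels[claimed], "tx_sender": tx["from"]})
    return findings

# Constructed sample: the first log says LABELLED sent tokens, but SENDER signed the tx.
LABELLED = "0x" + "aa" * 20
SENDER = "0x" + "bb" * 20
TOKEN = "0x" + "cc" * 20
RECIPIENT = "0x" + "dd" * 20
WATCHLIST = {LABELLED: "Well-known protocol (constructed label)"}
SAMPLE_TX = {"from": SENDER, "to": TOKEN}
SAMPLE_LOGS = [
    {"address": TOKEN, "topics": [TRANSFER_TOPIC0, pad(LABELLED), pad(RECIPIENT)]},
    {"address": TOKEN, "topics": [TRANSFER_TOPIC0, pad(SENDER), pad(RECIPIENT)]},
]

if __name__ == "__main__":
    for finding in impersonated_senders(SAMPLE_TX, SAMPLE_LOGS, WATCHLIST):
        print(finding)
```

A hit is a signal for review rather than proof: a legitimate `transferFrom` on behalf of a labelled address would also match, so confirm against the call trace before acting.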