According to SlowMist's Yu Xian, a user mistakenly clicked on a phishing link while searching for Aave on Google, authorizing their Uniswap LP NFT to a malicious contract, and subsequently had approximately $1.23M in assets stolen (including 491,239.00 USDe and 744,997.00 USDT). The attacker used Uniswap's multicall mechanism to complete the authorization and transfer operations. Users are reminded not to access DeFi protocols through search engines and should verify the official website link. [Wu Blockchain]

User mistakenly enters a phishing website while searching for Aave, leading to the theft of $1.23M in assets due to LP NFT authorization.