Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

July 24, 2021

info.png

Verified

4

zerofriction.io

Loss Amount:

76,000

info.png

Recovered Amount:

-

Currency:

Dollars, RUNE

KYC By:

Audit By:

None

None

info.png

Website:

Twitter:

No data

Discord:

No data

Telegram:

No data

Medium:

No data

Github:

No data

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Thorchain

Protocol

Dexes

Contract Vulnerabilities

Extended Method:

contract backdoor

Data Sources:

info.png

THORChain (RUNE), a decentralized cross-chain transaction protocol, claims that hackers airdrop UniH tokens to Ethereum addresses as bait to steal RUNE tokens in users' wallets. Hackers have airdropped UniH tokens with malicious contracts to at least 76,000 Ethereum addresses. Once receiving users sell their newly received UniH tokens (or even just approve the sale) on decentralized trading platforms such as Uniswap, the hackers will They can steal any RUNE tokens they have in their wallets. This is because the RUNE token uses a non-standard token contract called "tx.origin". According to Thorchain’s RUNE token contract code “Beware of phishing contracts that may steal tokens by intercepting tx.origin”, it knows that this type of attack may occur. In just a few hours, hackers have stolen USD 76,000 worth of tokens. currency.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.