Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
THORChain (RUNE), a decentralized cross-chain transaction protocol, claims that hackers airdrop UniH tokens to Ethereum addresses as bait to steal RUNE tokens in users' wallets. Hackers have airdropped UniH tokens with malicious contracts to at least 76,000 Ethereum addresses. Once receiving users sell their newly received UniH tokens (or even just approve the sale) on decentralized trading platforms such as Uniswap, the hackers will They can steal any RUNE tokens they have in their wallets. This is because the RUNE token uses a non-standard token contract called "tx.origin". According to Thorchain’s RUNE token contract code “Beware of phishing contracts that may steal tokens by intercepting tx.origin”, it knows that this type of attack may occur. In just a few hours, hackers have stolen USD 76,000 worth of tokens. currency. Attack method (per SlowMist): Phishing attack. Reported loss: $ 76,000.
- chain
- ethereum
- protocol
- THORChain
- bug_class
- phishing
- date_occurred
- 2021-07-24
- loss_usd
- $76,000
- source_id
- sm:thorchain::2021-07-24