As the airdrop is accepted for exchange, the victim’s cryptocurrency wallets will be deflated owing to a strange feature known as transferTo.
Scam Alert: To Steal RUNE Tokens From Victims, Cryptocurrency Wallets Deflate
Thorchain, the cross-chain protocol that was hacked earlier today by a white hat hacker, is once again in the limelight due to yet another exploit in its codebase.
According to multiple user complaints, a malicious actor is presently airdropping UNI Holding (UniH) tokens to several other addresses.
If the airdrop is authorized for exchanging, the victim’s wallet is depleted due to a peculiar feature called transferTo.
Someone is airdropping UniH tokens to ETH adresses.
Just ignore : do not exchange them on UniSwap. If you approve it for swaping, the contract will drain your wallet.
— THORchain.BULL (@THORmaximalist) July 23, 2021
It introduces a flaw that allows hostile actors to steal tokens by intercepting tx.origin, a Solidity programming language variable that returns the sender’s address. To put it another way, it allows someone to transmit tokens from your wallet on your behalf.
As of the time of publication, the hacker has stolen 72,659 RUNE tokens
Users are advised to exercise caution while accepting questionable tokens that have been airdropped into their wallets.
It Pours When It Rains
On July 23, Thorchain, which enables the seamless exchange of several cryptocurrencies, revealed that it had been the victim of a “sophisticated attack” and had lost $8 billion. In his message, a benign hacker wished to teach the project a lesson, stating that the repercussions from the assault might be far worse:
“Code that manages 9 numbers should not be rushed.”
Earlier this month, the Thorchain project was also the victim of a $5 million hack.
The wallet-draining airdrop has just added to the poor luck.