HomeCoinsEthereum (ETH)Creative attacker steals $76,000 in RUNE by giving out free tokens

Creative attacker steals $76,000 in RUNE by giving out free tokens

- Advertisement -


A rather cunning attack is playing out in the cryptosphere, one that has so far stolen $76,000 in tokens — and it’s only been going for a few hours.

In short, a bad actor is giving out — or airdropping — tokens to various crypto users. This might seem like free money, but it’s a trap. If the recipients spent the tokens, it can enable the perpetrator to steal any Thorchain (RUNE) tokens they happen to own.

“This is a unique exploit that has rarely been used in recent years. But since the attack is so underhanded, it could be quite effective,” explained The Block Research’s Eden Au.

How the attack works

What’s happening is the perpetrator has been airdropping UniH tokens to at least 76,000 Ethereum addresses. The intention is that recipients will see these free tokens and try to sell them on a decentralized exchange.

But these tokens come with a malicious contract. And if the person does indeed sell their newly received UniH tokens (or even just approves them to be sold), then the perpetrator can also steal any RUNE tokens they possess in their wallet.

This is able to happen because RUNE tokens use a non-standard token contract, called “tx.origin.” This specific token contract is not used in the ERC-20 token standard — used by most Ethereum-based tokens — because of its risks. 

What happens is that the UniH tokens carry malicious code that will automatically transfer the user’s RUNE tokens to another wallet (presumably owned by the perpetrator) if approved. 

The only thing it needs is for the user to “call” the contract (i.e. set it in motion). But if the user goes to a decentralized exchange to sell the UniH tokens, it does exactly that — automatically displacing their RUNE tokens.

According to Thorchain’s RUNE token contract code, it was aware that this type of attack could happen. “Beware phishing contracts that could steal tokens by intercepting tx.origin,” it states, when referring to the approval of transactions.

This exploit comes on the same day that Thorchain suffered its third exploit in a month. The network for running cross-chain swaps has now lost a total of $13 million due to a variety of bugs. Supporters maintain that it’s still in a kind of beta form — albeit with real money — and that bugs are expected; hence why they affectionately refer to the network as a “Chaosnet.”

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.





Source link

- Advertisement -
profile logo 500x500
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
462FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,486FollowersFollow
2,230SubscribersSubscribe

Most Popular

bitcoin
Bitcoin (BTC) $ 42,820.00
ethereum
Ethereum (ETH) $ 2,916.78
tether
Tether (USDT) $ 1.00
bitcoin-cash
Bitcoin Cash (BCH) $ 514.88
litecoin
Litecoin (LTC) $ 152.82
eos
EOS (EOS) $ 4.03
okb
OKB (OKB) $ 13.09
tezos
Tezos (XTZ) $ 7.14
leo-token
LEO Token (LEO) $ 2.90
cardano
Cardano (ADA) $ 2.40
monero
Monero (XMR) $ 238.53
stellar
Stellar (XLM) $ 0.280179
chainlink
Chainlink (LINK) $ 23.23
huobi-token
Huobi Token (HT) $ 9.20
tron
TRON (TRX) $ 0.091175
usd-coin
USD Coin (USDC) $ 1.00
dash
Dash (DASH) $ 165.70
neo
NEO (NEO) $ 39.24
iota
IOTA (MIOTA) $ 1.23
nem
NEM (XEM) $ 0.148745
zcash
Zcash (ZEC) $ 110.21
maker
Maker (MKR) $ 2,278.10
paxos-standard
Pax Dollar (USDP) $ 1.00
ethereum-classic
Ethereum Classic (ETC) $ 47.63
vechain
VeChain (VET) $ 0.0917
true-usd
TrueUSD (TUSD) $ 1.00
ftx-token
FTX Token (FTT) $ 51.97
kucoin-shares
KuCoin Token (KCS) $ 10.59
waves
Waves (WAVES) $ 24.37