THORChain is in hot waters again less than 24 hours after the last hack on July 23. This time it’s actually more serious. Interaction with any malicious contract can allow the attacker(s) to drain your wallet off the RUNE balance! It has worked as follows for now: attacker mass drops a token called UNIH to wallets, it’s worth something so users try to swap it on Uniswap. Before anything can be traded, you have to approve it. But if you do, the attacker can transfer your THORChain RUNE balance to his own wallet!
How is it even possible? Sadly, it appears that THORChain developers made a critical mistake while writing the code or they just wanted to save their users a few dollars by combining two tx in one. But it was a fatal diversion from solidity design principles and went contrary to what the documentation cautioned against. The surprising is that numerous audits conducted so far failed to report the issue also.
The developers at THORChain have used the transferTo function in the code, allowing any contract which interacts with it to transfer the RUNE balance. It uses tx.origin to authenticate the tx on your behalf. Also, it doesn’t check the allowance in the contract before transferring – sort of an infinite approval. It’s a strict no-no. Even the THORChain code documentation notes the danger of using this approach, but somehow they still went with it.
Apparently, the THORChain attacker has dropped the UNIH to thousands of wallets and is now draining their RUNE balance to his own. A clear assessment of the total amount stolen isn’t directly possible. THORChain RUNE price is now showing a 23%+ decline in the last 24 hours and is currently changing hands at around $3.63. It’s essential that users don’t approve smart contracts that aren’t trusted, though the THORChain should certainly do a better job at ensuring the security of the users as they can’t be assumed to know and safeguard themselves against complex vulnerabilities.
- Shiba Inu Price Prediction: How High can SHIB Price reach by 2030?
- How to participate in ThorChain Liquidity Pool (Rune) To Make Money?
- Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses
- Shiba Inu to Reach 1$ soon? This New Upcoming Development Proves it Right
- Emerging Reports That THORChain Hacked For 2400 ETH, What Happened?
- THORChain Hacked For $8M Again, Whitehack Suspected
- What Is Thorchain crypto? Enter This Exciting Project!
- Can Shiba Inu Price Reach 10 Cents?
- Lightning Network Can Be Paralyzed With 0.25 BTCs Spend, Research Shows
- THORChain “Bring The Chaos” Mainnet Goes Live!
- Big News: Ripple Price is about to TRIPLE? This News Confirms…
- Stellar (XLM) Silently Patched a 2.25 Billion XLM Inflation Bug in 2017
- Top 5 Performing Cryptocurrencies of the Week -(Week 23)
- Top 5 Performing Cryptocurrencies of the Week -(Week 11)
- Ripple Price Prediction – How High will XRP Reach in 2025?
- Top 5 Cryptocurrencies of the Week -(Week 43)
- Pi Network Crypto – Full Review 2023
- How High will XRP Price reach after Ripple wins the SEC Lawsuit? XRP 3$?
- Top 5 cryptocurrencies to watch right now
- Top 5 Cryptocurrencies Of The Week – Week 51
- Top 10 Staking Blockchains 2020 – These Proof of Stake Coins Have Had the Highest Return this Year!
You might also like
More from Altcoin
TOP 10 Undervalued MEME Tokens after Pepe – 2023
Meme coins are emerging as a promising option. This article is all about the top 10 undervalued meme tokens after …
Say Goodbye to DOGE and Hello AIDOGE! Prices are up by 150%?
In this article, we will explore ARBDOGE, its key features, and why it has gained attention in the world of …
Turbocharging the Crypto World: ChatGPT Coin TURBO Surges 2,000%
This article details the journey of creating TurboToadToken developed with the assistance of GPT-4. Let's take a look at this …