A bad actor is abusing airdrop approval to steal RUNE tokens from victims

After being attacked by a white hat hacker earlier today, cross-chain protocol Thorchain is once again in the spotlight because of yet another exploit on its codebase.

According to multiple user reports, a bad actor is currently airdropping UNI Holding (UniH) tokens to a slew of addresses.

If the airdrop gets approved for swapping, the victim’s wallet gets drained because of a quirky function called transferTo.

Someone is airdropping UniH tokens to ETH adresses.

Just ignore : do not exchange them on UniSwap. If you approve it for swapping, the contract will drain your wallet.

— THORchain.BULL (@THORmaximalist) July 23, 2021

It creates a vulnerability that allows malicious actors to steal tokens by intercepting tx.origin, which is a variable in the Solidity programming language that returns the address of the sender. In plain words, it makes it possible for someone to send tokens from your own wallet on your behalf.

The hacker has stolen $72,659 worth of RUNE tokens as of press time.

Users are encouraged to be mindful when approving suspicious tokens that happen to be airdropped to their wallets.

When it rains, it pours

On July 23, Thorchain—which allows seamless swapping of numerous cryptocurrencies —acknowledged that it had suffered “a sophisticated attack” and had lost $8 billion. A benevolent hacker wanted to teach the project a lesson, claiming that the fallout from the attack could be much worse in his note:

Do not rush code that controls 9 figures.

Earlier this July, the Thorchain project also endured a $5 million exploit.

The wallet-draining airdrop has only extended its streak of bad luck.

Wishes are drowned in the darkness of need
This is default text for notification bar