Main navigation

Scam Alert: Cryptocurrency Wallets Getting Drained After Approving This Airdrop

News
Fri, 07/23/2021 - 16:10
article image
Alex Dovbnya
A bad actor is abusing airdrop approval to steal RUNE tokens from victims
Scam Alert: Cryptocurrency Wallets Getting Drained After Approving This Airdrop
Cover image via stock.adobe.com
Read U.TODAY on
Google News

After being attacked by a white hat hacker earlier today, cross-chain protocol Thorchain is once again in the spotlight because of yet another exploit on its codebase.

According to multiple user reports, a bad actor is currently airdropping UNI Holding (UniH) tokens to a slew of addresses.

If the airdrop gets approved for swapping, the victim's wallet gets drained because of a quirky function called transferTo.

It creates a vulnerability that allows malicious actors to steal tokens by intercepting tx.origin, which is a variable in the Solidity programming language that returns the address of the sender. In plain words, it makes it possible for someone to send tokens from your own wallet on your behalf.

The hacker has stolen $72,659 worth of RUNE tokens as of press time.

Users are encouraged to be mindful when approving suspicious tokens that happen to be airdropped to their wallets.

Related
U.K. Man Involved in Hacking Elon Musk's Twitter Account Arrested in Spain

When it rains, it pours

On July 23, Thorchain—which allows seamless swapping of numerous cryptocurrencies —acknowledged that it had suffered "a sophisticated attack" and had lost $8 billion. A benevolent hacker wanted to teach the project a lesson, claiming that the fallout from the attack could be much worse in his note:

Do not rush code that controls 9 figures.

Earlier this July, the Thorchain project also endured a $5 million exploit.

The wallet-draining airdrop has only extended its streak of bad luck.

article image
About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at alex.dovbnya@u.today.