link.png

ID:

thorchain-283

Date:

Status:

Incident Count:

July 23, 2021

Verified

4

info.png
target.png
REKT

Contributor:

chain.png

zerofriction.io

KYC By:

KYC:

None

info.png

Audit By:

Audits:

Certik

Loss Amount:

8,000,000

info.png

Recovered:

-

Rewards:

Currency:

USD, ALCX, XRUNE, USDC, SUSHI, YFI, USDT

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Thorchain

Protocol

Dexes

Contract Vulnerabilities

Extended Method:

Contract vulnerabilities

info.png

Days in Operation:

1566

(4.29 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

THORChain (RUNE), a decentralized cross-chain transaction protocol, said it was attacked again, and many ERC20 tokens including XRUNE were affected. Thorchain told CoinDesk a whitehat hacker deployed a custom contract that was able to trick its Bifrost Protocol into receiving a deposit of fake assets. Not long ago, THORChain updated Eth Bifrost to allow the routing contract to be "encapsulated" by the contract. The attacker uses this to send a transaction with msg.value = 200 ETH and immediately uses the contract to transfer it back to itself, while Bifrost will report msg. value = 200 instead of depositAmount = 0, so as to realize the profit of calling the routing contract with the amount of 0 ETH. The attack was very restrained eluding that the attacker may be a whitehat hacker.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.