CoinEx Security Team: How to Protect THORChain (RUNE) from Hackers

How secure is THORChain (RUNE)?

Through analysis of the contract code and logic of THORChain (RUNE), the CoinEx security team has found the following risks.

Attack №1: Pilfer a Goat from a Herd

Ethereum addresses fall into two types: external addresses and contract addresses. Transferring ETH from an external address works in fundamentally different ways depending on which of the two types receives it. The official Solidity documentation states that a contract address must implement a receive Ether function before it can receive such transfers.

Attack №2: Internal Attack

An Internal Attack is a special type of attack. To steal a user’s RUNE through an Internal Attack, the attacker needs an intermediary token, and that token must call third-party contracts. According to the transfer records of RUNE on Ethereum, some attackers hacked RUNE through AMP Token transfers.

Attack №3: Phishing Attack

As its name suggests, in a phishing attack, the attacker promises to give away incredible benefits to lure users into performing certain contract operations. Here, we will introduce a common phishing attack.

  1. For Attack №1: When making a transfer, keep track of the estimated gas consumption. For a regular ETH transfer, a gas limit of 21,000 is more than enough. Be careful if the estimated gas consumption far exceeds that figure.
  2. For Attack №2: Isolate your tokens by adopting different wallets. You can store different tokens in different addresses. Extra caution is needed when it comes to the hot wallet address offered by exchanges.
  3. For Attack №3: Greed is the source of all evil. Do not blindly participate in any airdrop event.
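
The pre-transfer check from item 1, combined with the external/contract address distinction described under Attack №1, as an added example (not CoinEx or THORChain code). It builds the standard `eth_getCode` and `eth_estimateGas` JSON-RPC calls and classifies the replies; the addresses and node replies are constructed samples, and `WARN_FACTOR` is an assumed threshold because the article does not define "far exceeds".

```python
import json

PLAIN_TRANSFER_GAS = 21_000  # gas for a regular ETH transfer (figure from the article)
WARN_FACTOR = 2              # assumption: the article sets no threshold for "far exceeds"

def build_requests(sender, recipient, value_wei):
    """JSON-RPC calls to send to a node before signing a plain ETH transfer."""
    tx = {"from": sender, "to": recipient, "value": hex(value_wei)}
    return [
        {"jsonrpc": "2.0", "id": 1, "method": "eth_getCode",
         "params": [recipient, "latest"]},
        {"jsonrpc": "2.0", "id": 2, "method": "eth_estimateGas", "params": [tx]},
    ]

def assess_transfer(responses):
    """Classify the transfer from the node's replies to build_requests()."""
    by_id = {r["id"]: r for r in responses}
    failed = [r["error"]["message"] for r in by_id.values() if "error" in r]
    if failed:  # a failed estimate can mean, e.g., that the recipient's code reverts
        return {"verdict": "review", "reason": "; ".join(failed)}
    code = by_id[1]["result"]
    gas = int(by_id[2]["result"], 16)
    is_contract = code not in ("0x", "0x0", "")
    if gas > PLAIN_TRANSFER_GAS * WARN_FACTOR:
        verdict = "warn"      # recipient executes far more than a plain transfer needs
    elif is_contract:
        verdict = "contract"  # code runs on receipt; check the address before sending
    else:
        verdict = "ok"
    return {"verdict": verdict, "is_contract": is_contract, "gas": gas}

# Constructed sample data: placeholder addresses and hand-written node replies.
SENDER = "0x" + "11" * 20
RECIPIENT = "0x" + "22" * 20
EOA_REPLIES = json.loads('[{"jsonrpc":"2.0","id":1,"result":"0x"},'
                         '{"jsonrpc":"2.0","id":2,"result":"0x5208"}]')
CONTRACT_REPLIES = json.loads('[{"jsonrpc":"2.0","id":2,"result":"0x1d4c0"},'
                              '{"jsonrpc":"2.0","id":1,"result":"0x6080604052"}]')
REVERT_REPLIES = json.loads('[{"jsonrpc":"2.0","id":1,"result":"0x6080604052"},'
    '{"jsonrpc":"2.0","id":2,"error":{"code":3,"message":"execution reverted"}}]')

if __name__ == "__main__":
    print(json.dumps(build_requests(SENDER, RECIPIENT, 10**18), indent=2))
    for name, replies in [("EOA", EOA_REPLIES), ("contract", CONTRACT_REPLIES),
                          ("revert", REVERT_REPLIES)]:
        print(name, assess_transfer(replies))
```
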
