Evgen verzun
Blog
November 2, 2023
Security Alert! Unibot Exploited - $650,000 Lost
Halloween is running to its end, but you can bet your top dollar we are going to see a lot of scary and unnerving news about crypto until the end of the year.
Take the last few days, for example. Unibot, a popular Telegram bot used to swap cryptocurrencies without having to leave the messaging app, had an approval vulnerability that ended up costing users more than $650,000 in tokens. This is one of the first high-profile Telegram bot exploits in my memory!
Pretty hefty sum to lose, and I'm sure it caused some anxious moments for those involved.
So what happened? The official statement informs that a newly deployed contract got compromised, and as a result, a bunch of meme coins belonging to users were stolen. The folks at Unibot figured out that the issue was a "token approval exploit" from their new router.
In their own words, "Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe."
At least they're taking responsibility and promising to make things up, right?
The hacker is BULLISH on $TISM Tokens…
The first to spot this exploit was PeckShield, a blockchain security and data analytics company.
They found that the attacker swiped the tokens and then moved them to Uniswap and later sent the funds to a crypto mixer called Tornado Cash. Hacker managed to exchange those tokens for about 355.75 ETH, which adds up to roughly $640,000. On the other hand, an analytics firm called Scopescan thought the exploit was worth around $560,000. Let’s live number crunching to others and just agree that It's a lot of money whichever way you look at it.
The UNIBOT token also took quite a hit after this incident, dropping nearly 30% to $44.
So what is the move to make if you got involved in this unfortunate event? I would strongly recommend revoking approvals for the compromised contract and moving your assets to a safer wallet. It's the best way to secure your tokens and prevent any nasty surprises.
The rumor mill has it that the attack happened because some essential parameter verifications were missing, but also that the exploiter’s contract was deployed 2 days ago by the Unibot team. The exploiter was funded around five months ago, following the launch of Unibot…
You can make your own conclusions, but make sure not to panic while transferring funds. I say that because someone lost their USDC, deposited more USDC to the same exposed wallet and got drained again. Perhaps it was a wallet with scheduled transfers, but stranger things have happened.
Stay safe!