Telegram trading tool Unibot suffers exploit

Blockchain security firms noted that the funds stolen from Unibot were transferred to the privacy tool Tornado Cash in laundering attempt

article-image

Parilov/Shutterstock, modified by Blockworks

share

Unibot, a well-known Telegram bot for Uniswap trading, suffered an approval vulnerability on Tuesday, resulting in a loss of tokens valued above $600,000.

A newly deployed contract was compromised, leading to the loss of several meme coins belonging to users. 

The firm pinpointed the problem as a “token approval exploit” from its new router, which led them to momentarily halt the router to address the issue.

“We experienced a token approval exploit from our new router and have paused our router to contain the issue,” the team said on X.

“Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.”

PeckShield initially detected the exploit, revealing that the attacker transferred the stolen tokens to Uniswap and moved the funds to crypto mixer Tornado Cash. 

The attacker appears to have exchanged the tokens for about 355.75 ETH, equal to around $640,000, according to the blockchain security firm. 

Meanwhile, analytics firm Scopescan pegged the size of the exploit at $560,000. 

While inquiries continue, Scopescan and Beosin recommended that impacted users revoke permissions for the compromised contract and move their assets to a safer wallet.

SlowMist, another security firm, stated that the attack was a result of missing essential parameter verifications, allowing the attacker to move tokens that users had authorized for the Unibot contract.

The UNIBOT token was last down nearly 30% at $44.01 as of 5:20 a.m. ET on Monday, data from Blockworks Research showed.

The team expects to provide a detailed update once the investigation is complete, with a Telegram admin mentioning a potential update in the upcoming 24 hours.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

MON - WED, MARCH 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience:  Attend expert-led panel discussions and fireside chats  Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts   Grow your network […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

logo.jpeg

Research

Akash is a general-purpose compute platform with GPUs, storage, LLM training or inference, and validator hosting through its two-sided marketplace.

article-image

The SEC could allow half a dozen or more such funds to launch at once, Ark Invest CEO says

article-image

2023 saw a decline in a16z crypto funding, but the behemoth VC firm teased what it’s excited for next year

article-image

“Iran Unchained” launched a new version of its grant platform to make donations to activists easier

article-image

The stablecoin marks the first time a regulated European bank has made a euro-pegged stablecoin available on a crypto exchange

article-image

Build it and they will come, perhaps, but making crypto easier to use is turning out to be just as important

article-image

Amid moves by Itau Unibanco and Nubank, the country could serve as “a proof of concept” for TradFi-crypto integrations, industry research exec says