Telegram trading tool Unibot suffers exploit

Blockchain security firms noted that the funds stolen from Unibot were transferred to the privacy tool Tornado Cash in laundering attempt

article-image

Parilov/Shutterstock, modified by Blockworks

share

Unibot, a well-known Telegram bot for Uniswap trading, suffered an approval vulnerability on Tuesday, resulting in a loss of tokens valued above $600,000.

A newly deployed contract was compromised, leading to the loss of several meme coins belonging to users. 

The firm pinpointed the problem as a “token approval exploit” from its new router, which led them to momentarily halt the router to address the issue.

“We experienced a token approval exploit from our new router and have paused our router to contain the issue,” the team said on X.

“Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.”

PeckShield initially detected the exploit, revealing that the attacker transferred the stolen tokens to Uniswap and moved the funds to crypto mixer Tornado Cash. 

The attacker appears to have exchanged the tokens for about 355.75 ETH, equal to around $640,000, according to the blockchain security firm. 

Meanwhile, analytics firm Scopescan pegged the size of the exploit at $560,000. 

While inquiries continue, Scopescan and Beosin recommended that impacted users revoke permissions for the compromised contract and move their assets to a safer wallet.

SlowMist, another security firm, stated that the attack was a result of missing essential parameter verifications, allowing the attacker to move tokens that users had authorized for the Unibot contract.

The UNIBOT token was last down nearly 30% at $44.01 as of 5:20 a.m. ET on Monday, data from Blockworks Research showed.

The team expects to provide a detailed update once the investigation is complete, with a Telegram admin mentioning a potential update in the upcoming 24 hours.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

Research Report Templates.png

Research

An overview of the Base Ecosystem, with a focus on market leaders.

article-image

Although bitcoin hitting $120k by year’s end is looking unlikely

article-image

About 270 million HYPE has been claimed, valued around $7.6 billion

article-image

Stanford professors David Mazières and Dan Boneh will lead the lab alongside a cohort of graduate student researchers

article-image

With more companies holding BTC, bitcoin yielding strategies could become “a new corporate finance norm,” CoinShares posed

article-image

The proposal comes after Polygon governance considered a controversial use of bridged liquidity for yield

article-image

Can the community balance its decentralized ethos with the need for inclusivity and constructive debate?