On October 31 the Unibot Telegram trading bot was compromised by unknown attackers; project representatives confirmed the incident.
We experienced a token approval exploit from our new router and have paused our router to contain the issue.
Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.
We will release a detailed response after investigations conclude.
— Unibot (@TeamUnibot) October 31, 2023
According to the team, the cause was a token-approval exploit in the bot's newly deployed router contract; to contain it, the developers paused the router.
“Any funds lost due to the bug in the new router will be compensated, and keys and wallets will remain safe,” Unibot assured.
External security researchers nevertheless urged users to move funds to other wallets immediately or to revoke the token approvals they had granted to the router contract.
At the time of writing the losses stood at nearly $650,000: the attacker withdrew 305 ETH and 39,000 USDC and then routed the funds through the Tornado Cash mixer.
The UNIBOT token launched on May 21; the attacker's wallet was funded on May 25, the first day of heightened trading activity.
Unibot hacker address seeded 1 week after launch
hmm https://t.co/kA6nREjnQw pic.twitter.com/2GqJFNP5q9
— Fudzy (@fozzydiablo) October 31, 2023
Theories circulated in the crypto community that the attack was insider-like: the attacker allegedly waited for the peak of the meme-coin cycle to maximize the haul.
Blockchain detective Arhat outlined a suspected exploit scheme in which the attacker bypassed the router's balance checks and withdrew funds through repeated transferFrom calls.
Allowed to Drain? A Devious Exploit Bypassed Unibot’s Balance Checks and Made Off With 300+ ETH
More than 300 ETH was exploited from @TeamUnibot users. More than $500k, at least at the time of writing this.
The hacker wrote a pseudocode to exploit the Unibot contract.
Read… pic.twitter.com/Ns7bm6RYuP
— Arhat (@0xArhat) October 31, 2023
Beosin analysts attributed the exploit to call injection: the attacker could pass arbitrary calldata into one of the router's methods, so the router itself executed transfers of tokens that users had approved to Unibot contracts.
#Unibot exploited
Hacker: https://t.co/vSnl9xNmBD The root cause is call injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts.
Users need to revoke approval for… pic.twitter.com/7PYJVwO6Ga
— Beosin Alert (@BeosinAlert) October 31, 2023
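The two analyses above describe the same mechanism from different angles: a router that forwards user-supplied calldata to a token contract is the msg.sender of that call, so a transferFrom it executes spends whatever allowance the victim granted to the router, not to the attacker. The Python model below is an added illustration written for this article; it is not Unibot's code and is not taken from either analyst's thread. The router's function name execute_calldata, the two-router layout and the account names are assumptions standing in for the unnamed 0xb2bd16ab() method and the real contracts. The hardened variant and the allowance revocation (the mitigation researchers urged above) are included for contrast.

```python
"""Model of ERC-20 approvals drained through call injection in a router.

The simulation keeps only the EVM facts that matter here: transferFrom
consumes the allowance that `src` gave to msg.sender, and a router that
relays arbitrary calldata makes itself msg.sender for that call.
Hypothetical names throughout; not Unibot's code.
"""
from dataclasses import dataclass, field


class Revert(Exception):
    """Stands in for an EVM revert."""


@dataclass
class ERC20:
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)  # (owner, spender) -> amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def approve(self, sender, spender, amount):
        self.allowances[(sender, spender)] = amount

    def transfer_from(self, sender, src, dst, amount):
        # `sender` is msg.sender: the allowance consumed is the one `src` gave to it.
        allowed = self.allowances.get((src, sender), 0)
        if allowed < amount or self.balance_of(src) < amount:
            raise Revert("ERC20: insufficient allowance or balance")
        self.allowances[(src, sender)] = allowed - amount
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount

    def call(self, sender, selector, args):
        # (selector, args) plays the role of calldata; dispatch like the EVM would.
        if selector == "transferFrom":
            return self.transfer_from(sender, *args)
        if selector == "balanceOf":
            return self.balance_of(*args)
        raise Revert("unknown selector")


class VulnerableRouter:
    """Relays whatever calldata the caller supplies; the router is msg.sender."""

    def __init__(self, token, name="router"):
        self.token, self.name = token, name

    def execute_calldata(self, sender, selector, args):
        # No restriction on what the relayed call does: this is the injection sink.
        return self.token.call(self.name, selector, args)


class HardenedRouter(VulnerableRouter):
    """Relays only whitelisted selectors and only spends the caller's own approval."""

    ALLOWED = {"balanceOf", "transferFrom"}

    def execute_calldata(self, sender, selector, args):
        if selector not in self.ALLOWED:
            raise Revert("selector not allowed")
        if selector == "transferFrom" and args[0] != sender:
            raise Revert("router may only move msg.sender's own tokens")
        return self.token.call(self.name, selector, args)


def run_scenario(router_cls, revoke_first=False):
    """Constructed scenario: two users approved the router, attacker injects transferFrom per victim."""
    token = ERC20()
    victims = {"alice": 1000, "bob": 250}  # constructed balances
    for who, bal in victims.items():
        token.balances[who] = bal
    router = router_cls(token)
    for who in victims:
        token.approve(who, router.name, 2**256 - 1)  # unlimited approval, as trading bots request
        if revoke_first:
            token.approve(who, router.name, 0)        # the "revoke approvals" mitigation
    drained = 0
    for who, bal in victims.items():  # repeated transferFrom calls, one per victim
        try:
            router.execute_calldata("attacker", "transferFrom", [who, "attacker", bal])
            drained += bal
        except Revert:
            pass
    return {
        "drained": drained,
        "attacker": token.balance_of("attacker"),
        "alice": token.balance_of("alice"),
        "bob": token.balance_of("bob"),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableRouter))
    print("hardened:  ", run_scenario(HardenedRouter))
    print("revoked:   ", run_scenario(VulnerableRouter, revoke_first=True))
```

The attacker never needs the victims' keys or a balance of their own: the router's allowance is the only credential involved, which is why revoking approvals was the immediate advice even before the contract was paused. The hardened router shows the two controls that close the hole in this model: a selector whitelist, and a rule that a relayed transferFrom may only name msg.sender as the source.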
Against this backdrop the price of the native UNIBOT token plunged 32% and, according to CoinGecko, stood at $38.44.
Experts had earlier warned of the risk of losing cryptocurrency when trading through Telegram bots, since the bots and the contracts they rely on are exposed to attacks of this kind.
