Telegram-based trading bot Unibot suffered a security breach on Tuesday, leading to over $560k in losses for affected users.
Unibot, a crypto trading terminal integrated with Telegram, has suffered a security breach just a few days after claiming that its new router is safe. According to an update from the team, hackers exploited the newly deployed router by Unibot to move user assets.
Unibot’s Router is safe.
Safety is a top priority with us and we approach it proactively.
With Unibot Cloud – we removed the risk of private keys from Telegram and giving you full control with self-destructing messages.
EIP4337 Account Abstraction is another layer of…
— Unibot (@TeamUnibot) October 24, 2023
Although the team is currently investigating the breach, the far-reaching impact on Unibot users is primarily because users have given token approval to the router. With token approval, a hacker with unauthorized access can easily transfer assets from user wallets without requiring a new signature.
Unibot revealed in its update that it has now paused its router to contend with the exploit. However, certain users claim that their wallets are still being drained, suggesting that the hacker had already gained access to such accounts before Unibot’s intervention.
According to the on-chain analytics platform Scopescan, Unibot users lost over $560,000 to the recent security breach. The hackers typically transferred memecoins held in user wallets and converted them to Ether (ETH) before following the known tradition of moving them onto a privacy-focused protocol, Tornado Cash.
The hacker’s wallet address has moved all the stolen funds to Tornado Cash, holding a balance of just 0.03 ETH ($68) at the time of writing.
.@TeamUnibot seems exploited, the exploiter transfers memecooins from #unibot users and is exchanging them for the $ETH right now.
The current exploit size is ~$560K
Exploiter address:https://t.co/ysyTmgUAit pic.twitter.com/MF85Fdk892
— Scopescan (? . ?) (@0xScopescan) October 31, 2023
Users Want Refund in Memecoins
It is noteworthy that Unibot has promised to reimburse users affected by the hack. Yet, many users insist that the project repays the lost amount in the stolen memecoins rather than Ether (ETH).
An X user by the name AmmoCrypto responded, “We all expect the original tokens back and not ETH. You will lose all trust in users if it’s not the original tokens.” Still, many users have named the specific token they wish to be refunded in, urging Unibot to buy back all the tokens to regain user trust.
Unibot (UNIBOT) Sees 33% Decline
It is noteworthy that Unibot’s promise of a refund has not been enough to stop the project’s native token from seeing a substantial decline. Within the eight hours following the exploit, Coingecko data showed that the price of Unibot (BOT) slumped from $57 to $32.
While the token has slightly rebounded to around $40 at the time of writing, its value has declined by over 33% in the past 24 hours.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
