Telegram-based crypto trading bot Unibot is suspected of being hacked as users of the trading bot try to move their funds off the platform.
The Unibot platform facilitates users in connecting their wallets to the decentralized exchange Uniswap, allowing them to trade tokens using Telegram-based tools, much like sending messages on the popular messaging app.
The current exploit size is ~$560K
— Scopescan ( . ) (@0xScopescan) October 31, 2023
As per etherscan data, the exploiter seems to be moving users’ crypto and trading them for ETH.
Unibot attacker received 1 ETH as gas fee from FixedFloat coin mixer one week after the crypto trading bot was launched, Scopescan revealed.
Onchain analytics account Lookonchain reported that so far the exploiter has stolen over $600,000.
A hacker attacked @TeamUnibot and is stealing the assets of users.
As of now, the stolen assets have exceeded $600K.
If you use #Unibot, please move your funds to other wallets or revoke approvals of the contract as soon as possible.
— Lookonchain (@lookonchain) October 31, 2023
Beosin Alert reported that the root cause of the hack is CAll injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts.
The price of the token crypto trading bot, UNIBOT, crashed over 40% on the reports of being hacked.
At the time of writing, UNIBOT is trading at $36.45, as per Coingecko data.
The team behind the crypto trading bot platform confirmed the attack on social media platform X, saying that they experienced a token approval exploit from their new router and have paused the router to contain the issue.
We experienced a token approval exploit from our new router and have paused our router to contain the issue.
Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.
We will release a detailed response after investigations conclude.
— Unibot (@TeamUnibot) October 31, 2023
The team also confirmed that any funds lost due to the bug on the new router will be compensated. Users’ keys and wallets are safe, it added.