Hacker Ransacks $600,000 From Popular Telegram Trading Bot, Unibot
Hacker steals assets from wallets actively approving Unibot's smart contract.
By: Samuel Haig • DeFi News
Unibot, a popular Telegram trading bot, has been hacked, and its users' accounts have been exploited as a result.
Scopescan, an on-chain research team, flagged the exploit on Twitter, noting that the hacker is offloading the assets for ETH using decentralized exchanges. Losses have exceeded $600,000 roughly one hour after the exploit took place.
“Please check and revoke the approvals for [Unibot’s] contract,” Scopescan said. “Move your funds to a new wallet ASAP.”
Beosin Alert attributed the exploit to a call injection, which allows the attacker to transfer assets from wallets that have not revoked approval for Unibot’s smart contracts.
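As an added example (not from the article or from Unibot), the approval check Scopescan recommends can be done by replaying a wallet's ERC-20 Approval logs to find allowances still granted to a flagged spender, then building the approve(spender, 0) calldata that revokes each one. The event topic and function selector are the standard ERC-20 values; every address and log entry is a constructed placeholder, since the article does not give the contract address.

```python
# Standard ERC-20 ABI constants.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)

def topic_to_address(topic):
    """Indexed address params are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def pad_address(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, with 0x)."""
    return "0x" + addr.lower()[2:].rjust(64, "0")

def live_allowances(logs, owner, spender):
    """Replay Approval logs in chain order; return {token: last approved amount}
    for approvals that were never reset to zero. The logged amount is an upper
    bound (spending can lower it), so confirm with allowance() on chain."""
    owner, spender = owner.lower(), spender.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if topic_to_address(t[1]) == owner and topic_to_address(t[2]) == spender:
            latest[log["address"].lower()] = int(log["data"], 16)
    return {token: amount for token, amount in latest.items() if amount > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); send it to the token contract."""
    return "0x" + APPROVE_SELECTOR + pad_address(spender)[2:] + "0" * 64

# Constructed placeholders, not real addresses; block numbers already decoded.
OWNER = "0x" + "11" * 20
SPENDER = "0x" + "22" * 20   # stands in for the flagged contract
TOKEN_A = "0x" + "aa" * 20
TOKEN_B = "0x" + "bb" * 20
UNLIMITED = hex(2**256 - 1)

def approval(token, block, index, amount):
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad_address(OWNER), pad_address(SPENDER)],
            "data": amount}

SAMPLE_LOGS = [
    approval(TOKEN_B, 150, 7, "0x0"),      # later revocation of TOKEN_B
    approval(TOKEN_A, 100, 3, UNLIMITED),  # still outstanding
    approval(TOKEN_B, 101, 0, UNLIMITED),
]

if __name__ == "__main__":
    for token in live_allowances(SAMPLE_LOGS, OWNER, SPENDER):
        print(token, "->", revoke_calldata(SPENDER))
```

Only TOKEN_A is reported here, because the TOKEN_B approval was set back to zero in a later block.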
The official Unibot Twitter account is yet to acknowledge the hack.
The price of the bot’s native token, UNIBOT, is down more than 29% in the hour after the hack, according to CoinGecko. The token’s market cap currently sits at around $45M, down from an all-time high of $200M in August.
Unibot hosted 1,300 active accounts in the past 90 days, according to Dune Analytics. Unibot currently ranks as the second most popular Telegram bot with 16% of users.
Trading Bot Perils
While Telegram trading bots have enjoyed a recent surge in popularity, users must take on significant security risks by relinquishing control over their private keys to the bot.
Last week, hackers ransacked $500,000 from Maestro, then the top Telegram trading bot with a 49% market share. Affected users were later refunded.