Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Unibot contract exploit leads to a 40% decline in token value, resulting in a $560K loss.
A new contract launched on Oct. 29 by Unibot, a widely used Telegram bot for executing trades on the decentralized exchange Uniswap, was reportedly compromised, resulting in the theft of approximately $560,000 in various memecoins from users.
On Oct. 31, blockchain security company Scopescan informed Unibot users about an ongoing hack that had gone unnoticed. An exploit on a recently deployed contract by Unibot siphoned off the cryptocurrency assets of multiple users.
.@TeamUnibot appears to have been exploited, with the attacker transferring memecoins from #unibot users and currently exchanging them for $ETH.
The estimated size of the exploit is around $560K.
Exploiter address: https://t.co/ysyTmgUAit pic.twitter.com/MF85Fdk892— Scopescan ( . ) (@0xScopescan) October 31, 2023
Unibot subsequently acknowledged the hack by providing initial information:
“We encountered a token approval exploit from our new router and have suspended our router to mitigate the issue.”
During ongoing inquiries by Unibot and blockchain analysts, Scopescan recommended that users revoke the approvals for the compromised contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer their funds to a new wallet.
Unibot hacker’s funds movement. Source: 0xscope.com
The hacker is in the process of converting the stolen memecoins into Ether (ETH), as indicated by blockchain data from Scopescan.
Unibot 1-day price chart showing a sharp decline in price following hack. Source: CoinGecko
As illustrated, the market responded adversely to the incident, with the UNIBOT (UNIBOT) token experiencing an immediate 42.7% decline in its price within one hour — dropping from $57.56 to $32.94. However, the token price is attempting to recover at the time of this report.
Related Posts
We encountered a token approval exploit from our new router and have suspended our router to mitigate the issue.
Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are secure.
We will provide a comprehensive response once investigations are complete.— Unibot (@TeamUnibot) October 31, 2023
Unibot has pledged to reimburse all users who lost funds as a result of the contract exploit. Weekly transaction data indicates that cryptocurrencies such as Joe (JOE), UNIBOT, and BeerusCat (BCAT) constituted a significant portion of the stolen assets.
Cointelegraph also learned from Scopescan that the address 0x835B, which matches the exploited address, has been deployed and is being utilized to receive tokens from unsuspecting victims.
Unibot has not yet responded to Cointelegraph’s inquiry for comment.
Related: Telegram crypto bots gain momentum in the market: Binance Research
A similar contract exploit recently drained 280 ETH from users of Maestrobots, a collection of cryptocurrency bots on the Telegram messaging platform.
In the days that followed, Maestrobots compensated a total of 610 ETH from its own revenue to cover all user losses, citing insufficient liquidity to repurchase the lost tokens:
“Thus, we reimbursed affected users with the ETH equivalent of their tokens, and increased that amount by 20% because you deserve it. These refunds amounted to 334 ETH.”
Magazine: Ethereum restaking: Blockchain innovation or dangerous house of cards?
Blockchain security firm CertiK confirmed to Cointelegraph that it has successfully detected the transactions reflecting the 334 ETH compensation disbursed to users from Maestro.
