The latest victim in the ever-growing list of crypto hacks is Unibot, a popular trading tool on Telegram.
Today, alarm bells rang after the project revealed a “token approval exploit” impacting Unibot. “Your keys and wallets are safe,” the project wrote, adding that all funds impacted by the bot’s “new router” will be compensated.
A “token approval exploit” refers to a vulnerability in smart contract permissions, allowing unauthorized access or movement of a user’s tokens beyond the intended limit.
Initial estimates suggested that around $640,0000 worth of cryptocurrency had been affected. Subsequent investigations also revealed that the siphoned funds were moved quickly and converted to Ethereum.
Unibot is a popular Telegram-based trading tool that gained significant traction due to its user-friendly interface. In a nutshell, Unibot lets users swap cryptocurrencies without having to leave the messaging app. Beyond that, though, users can also copy other traders’ strategies and enjoy MEV-protected trading.
The app’s popularity has been reflected in the value of its native token, which, in its heyday, reached a staggering $236 in mid-August.
However, the exploit news triggered a drastic plunge in the token’s price, bringing it down from $57.56 to a meager $32.94, according to data from CoinGecko. The UNIBOT token is now trading hands at $45.7.
The exploiters initially transferred the stolen assets to Uniswap, a decentralized exchange, before moving them through Tornado Cash.
Stay on top of crypto news, get daily updates in your inbox.
Unibot joins annals of crypto exploits
Though this is one of the first high-profile Telegram bot exploits, the broader crypto landscape has been rattled by security lapses.
Only a week before the Unibot exploit, some LastPass users reported losing another $4.4 million worth of crypto. Though the regular exploits over the past 10 months had baffled many as they arrived seemingly without rhyme or reason, security experts are now pointing to a LastPass exploit from last December.
Another key vulnerability in the crypto space has been inter blockchain bridges that let users swap assets between incompatible networks. In August, the Optimism-based lending platform Exactly was exploited for $7 million. It’s not a sum to balk at, but it’s also one of the smaller hauls compared to other higher-profile bridge hacks.
Take for example Axie Infinity’s Ronin bridge, which was exploited in March 2022 for an estimated $622 million. There’s also the Wormhole exploit, which saw a whopping $320 million nabbed by exploiters.
As the crypto realm continues its march into the mainstream, these incidents serve as stark reminders of the challenges that lie ahead.
Editor’s note: This article was written with the assistance of AI. Edited and fact-checked by Liam Kelly.
Stay on top of crypto news, get daily updates in your inbox.
Read More: decrypt.co