The latest victim in the ever-growing list of crypto hacks is Unibot, a popular trading tool on Telegram. Today, alarm bells rang after the project revealed a “token approval exploit” impacting Unibot. “Your keys and wallets are safe,” the project wrote, adding that all funds impacted by the bot’s “new router” will be compensated. A “token approval exploit” refers to a vulnerability in smart contract permissions, allowing unauthorized access or movement of a user’s tokens beyond the intended limit. Initial estimates suggested that around $640,0000 worth of cryptocurrency had been affected. Subsequent investigations also revealed that the siphoned funds were moved quickly and converted to Ethereum. Unibot is a popular Telegram-based trading tool that gained significant traction due to its user-friendly interface. In a nutshell, Unibot lets users swap cryptocurrencies without having to leave the messaging app. Beyond that, though, users can also copy other traders’ strategies and enjoy MEV-protected trading. The app’s popularity has been reflected in the value of its native token, which, in its heyday, reached a staggering $236 in mid-August. However, the exploit news triggered a drastic plunge in the token’s price, bringing it down from $57.56 to a meager $32.94, according to data from CoinGecko. The UNIBOT token is now trading hands at $45.7. The exploiters initially transferred the stolen assets to Uniswap, a decentralized exchange, before moving them through Tornado Cash. Unibot joins annals of crypto exploits Though this is one of the first high-profile Telegram bot exploits, the broader crypto landscape has been rattled by security lapses. Only a week before the Unibot exploit, some LastPass users reported losing another $4.4 million worth of crypto. Though the regular exploits over the past 10 months had baffled many as they arrived seemingly without rhyme or reason, security experts are now pointing to a LastPass exploit from last December. Another key vulnerability in the crypto space has been inter blockchain bridges that let users swap assets between incompatible networks. In August, the Optimism-based lending platform Exactly was exploited for $7 million. It’s not a sum to balk at, but it’s also one of the smaller hauls compared to other higher-profile bridge hacks. Take for example Axie Infinity’s Ronin bridge, which was exploited in March 2022 for an estimated $622 million. There’s also the Wormhole exploit, which saw a whopping $320 million nabbed by exploiters. As the crypto realm continues its march into the mainstream, these incidents serve as stark reminders of the challenges that lie ahead. Editor’s note: This article was written with the assistance of AI. Edited and fact-checked by Liam Kelly.
Your Keys and Wallets Are Safe’, Says Telegram Bot Unibot Amid $640k Exploit
