According to reports, a new contract deployed by Unibot (a popular Telegram bot used to snipe transactions on decentralized exchange Uniswap) on October 29 was exploited to obtain approximately $560,000 from users in various models. Because of coins.
On October 31, blockchain security company Scopescan issued an alert to Unibot users, stating that Unibot was being attacked by hackers but had not been detected. Unibot’s attack on a newly deployed contract drained the cryptocurrency holdings of multiple users.
.@TeamUnibot It seems that being exploited, the exploiters start from #unibot users and are exchanging them $ETH Now.
The current exploit size is approximately $560,000
Exploiter address: pic.twitter.com/MF85Fdk892
— Scopescan (.) (@0xScopescan) October 31, 2023
Unibot later confirmed the hack by revealing preliminary details:
“We have experienced a token approval vulnerability with our new routers and have suspended our routers to contain the issue.”
Amid ongoing investigations by Unibot and blockchain investigators, Scopescan advises users to revoke approval of the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer funds to a new wallet.
Hackers are converting stolen memecoin to Ethereum (ETH), blockchain data Displayed from Scopescan.
As mentioned above, the market reacted negatively to this development, as the price of the UNIBOT token immediately fell by 42.7% in one hour – from $57.56 to $32.94. However, at the time of writing, the coin’s price is trying to recover.
We encountered a token approval vulnerability in our new router and have suspended our router to contain the issue.
Any money lost due to errors in our new routers will be reimbursed. Your keys and wallet are safe.
We will issue a detailed response upon completion of the investigation.
— Unibot (@TeamUnibot) October 31, 2023
Unibot promises to compensate all users who suffer financial losses due to contract loopholes. Weekly trading data shows that cryptocurrencies such as Joe (JOE), UNIBOT and BeerusCat (BCAT) account for the bulk of the loot.
Cointelegraph has also learned from Scopescan that the same address 0x835B as the exploited address has been deployed and used to receive coins from unsuspecting victims.
Unibot has not yet responded to Cointelegraph’s request for comment.
related: Telegram Crypto Bot Gaining Momentum in the Market: Binance Research
Recently, a similar contract vulnerability stole 280 ETH from users of Maestrobots, a group of cryptocurrency bots on the Telegram Messenger app.
Over the next few days, Maestrobots paid out a total of 610 ETH from its own earnings to cover all user losses, while citing a lack of liquidity to buy back the lost tokens:
“So we compensated affected users with ETH equivalent to their tokens and increased that amount by 20% because that’s what you deserve. These refunds cost 334 ETH.”
Blockchain security firm CertiK confirmed to Cointelegraph that it has been able to detect transactions showing Maestro paying users 334 ETH in compensation.
Magazine: Ethereum Reclaimed: Blockchain Innovation or a Dangerous House of Cards?
Svlook
