Unibot contract exploit drains $560K; token price drops more than 40%
A newly launched contract of Unibot, a popular Telegram bot used to trade on the decentralized exchange Uniswap, was reportedly exploited to drain about $560,000 in various memecoins from users on October 29.
On October 31st, blockchain security firm Scopescan reported an ongoing hack of Unibot users that had gone undetected. An exploit of Unibot's newly launched contract has depleted many users' crypto holdings.
.@TeamUnibot seems to have been exploited, the exploiter transfers memecoins from #Unibot users and is now exchanging them for $ETH.
The current exploit rate is ~$560k.
Exploit URL: pic.twitter.com/MF85Fdk892
— Scopescan (@0xScopescan) October 31, 2023
Unibot later confirmed the hack, revealing initial details:
“We have encountered a token license exploit from the new router and have disabled the router to contain it.”
Amid ongoing investigations by Unibot and blockchain investigators, Scopescan advised users to revoke approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and move their funds to a new wallet.
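One way to act on the advice to revoke approvals, as an added example (not code from Cointelegraph, Scopescan or Unibot): it builds the standard ERC-20 `allowance` query and the `approve(spender, 0)` revocation calldata for the router address quoted above. The wallet and token addresses and the node replies are constructed placeholders, and the function names are hypothetical.

```python
# Added example: ERC-20 allowance check and revocation calldata (standard ERC-20 ABI).
ROUTER = "0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865"  # exploited contract, from the article
SEL_ALLOWANCE = "dd62ed3e"  # selector of allowance(address owner, address spender)
SEL_APPROVE = "095ea7b3"    # selector of approve(address spender, uint256 amount)

def abi_address(addr):
    """Encode a 20-byte hex address as a left-padded 32-byte ABI word."""
    h = addr[2:] if addr[:2].lower() == "0x" else addr
    h = h.lower()
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return h.rjust(64, "0")

def allowance_request(token, owner, spender=ROUTER, req_id=1):
    """JSON-RPC eth_call asking `token` how much `spender` may move for `owner`."""
    data = "0x" + SEL_ALLOWANCE + abi_address(owner) + abi_address(spender)
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}

def decode_allowance(result_hex):
    """Decode the uint256 that allowance() returns; reject malformed replies."""
    h = result_hex[2:] if result_hex.startswith("0x") else result_hex
    if len(h) != 64:
        raise ValueError("expected one 32-byte word, got %r" % result_hex)
    return int(h, 16)

def revoke_calldata(spender=ROUTER):
    """Calldata for approve(spender, 0); the wallet owner sends it to the token."""
    return "0x" + SEL_APPROVE + abi_address(spender) + "0" * 64

def tokens_to_revoke(results):
    """From {token: eth_call result}, list tokens still approving the router."""
    return sorted(t for t, r in results.items() if decode_allowance(r) > 0)

if __name__ == "__main__":
    # Constructed placeholders, not real token or wallet addresses.
    wallet = "0x" + "aa" * 20
    token_a, token_b = "0x" + "11" * 20, "0x" + "22" * 20
    print(allowance_request(token_a, wallet)["params"][0]["data"])
    # Constructed node replies: unlimited approval on token_a, none on token_b.
    replies = {token_a: "0x" + "f" * 64, token_b: "0x" + "0" * 64}
    for token in tokens_to_revoke(replies):
        print("revoke on", token, "with calldata", revoke_calldata())
```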
The hacker is in the process of converting the stolen memecoins to ether (ETH), according to blockchain data from Scopescan.
The market reacted negatively to the development: the UNIBOT token dropped by 42.7% in one hour, from $57.56 to $32.94. However, the token was attempting a recovery at the time of writing.
We encountered a token authorization exploit from the new router and we stopped the router to fix it.
Any money lost due to a fault with the new router will be reimbursed. Your keys and wallet are safe.
We will respond in detail after the investigation is complete.
— Unibot (@TeamUnibot) October 31, 2023
Unibot is committed to compensating all users who have lost money due to the exploitation of the contract. Weekly trading data shows that cryptocurrencies such as JOE (JOE), UNIBOT and BeerusCat (BCAT) represent the main part of the loot.
Cointelegraph has learned from Scopescan that the 0x835B address, which is the same as the exploited address, is being used to receive tokens from unsuspecting victims.
Unibot has yet to respond to Cointelegraph's request for comment.
A similar contract exploit recently drained 280 ETH from users of Maestrobots, a group of cryptocurrency bots on the Telegram messenger app.
In the following days, Maestrobots paid a total of 610 ETH from its own earnings to cover users' losses, citing lack of liquidity to return the lost tokens.
“So we compensated affected users with ETH equal to their tokens, and we increased that amount by 20% because you deserve it. These refunds cost 334 ETH.”
Blockchain security firm CertiK confirmed to Cointelegraph that it has access to transactions showing the 334 ETH compensation paid to users by Maestro.