Telegram-based crypto trading bot Unibot is suspected of being hacked as users of the trading bot try to move their funds off the platform.
The Unibot platform lets users connect their wallets to the decentralized exchange Uniswap and trade tokens through Telegram-based tools, much like sending messages on the popular messaging app.
.@TeamUnibot seems exploited, the exploiter transfers memecoins from #unibot users and is exchanging them for the $ETH right now.
The current exploit size is ~$560K
Exploiter address: https://t.co/ysyTmgUAit
— Scopescan (🪬 . 🪬) (@0xScopescan) October 31, 2023
According to Etherscan data, the exploiter appears to be moving users' crypto and trading it for ETH.
The Unibot attacker received 1 ETH for gas fees from the FixedFloat coin mixer one week after Unibot was launched, Scopescan revealed.
Onchain analytics account Lookonchain reported that so far the exploiter has stolen over $600,000.
A hacker attacked @TeamUnibot and is stealing the assets of users.
As of now, the stolen assets have exceeded $600K.
If you use #Unibot, please move your funds to other wallets or revoke approvals of the contract as soon as possible.
0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865
— Lookonchain (@lookonchain) October 31, 2023
Beosin Alert reported that the root cause of the hack is call injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts.
The price of the trading bot's token, UNIBOT, crashed over 40% on reports of the hack.
At the time of writing, UNIBOT is trading at $36.45, according to CoinGecko data.
🚨#Unibot exploited🚨
Hacker: https://t.co/vSnl9xNmBD
The root cause is call injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts.
Users need to revoke approval for…
— Beosin Alert (@BeosinAlert) October 31, 2023
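The defensive side of the call-injection issue and the revoke advice quoted above, as an added example that is not Unibot's or Beosin's code: a check a router could apply to user-supplied calldata before forwarding it to a token, and the `approve(spender, 0)` calldata a user sends to revoke an approval. The selectors are the standard ERC-20 ones; the addresses are constructed placeholders and the function names are hypothetical.

```python
# Added example. Selectors are the standard ERC-20 ones; addresses are constructed.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
APPROVE = bytes.fromhex("095ea7b3")        # approve(address,uint256)

USER = "0x" + "11" * 20    # constructed: the account calling the router
OTHER = "0x" + "22" * 20   # constructed: a different account that approved the router
ROUTER = "0x" + "aa" * 20  # constructed: the spender contract holding approvals


def addr_word(addr: str) -> bytes:
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    raw = bytes.fromhex(addr[2:] if addr.startswith("0x") else addr)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")


def uint_word(value: int) -> bytes:
    """ABI-encode an unsigned integer as a 32-byte big-endian word."""
    return value.to_bytes(32, "big")


def revoke_calldata(spender: str) -> bytes:
    """Calldata for approve(spender, 0), sent by the user to the token contract."""
    return APPROVE + addr_word(spender) + uint_word(0)


def check_forwarded_call(caller: str, calldata: bytes) -> tuple:
    """Hypothetical router-side guard: forward only transferFrom(caller, ...)."""
    if len(calldata) < 4 or calldata[:4] != TRANSFER_FROM:
        return (False, "selector not allow-listed")
    args = calldata[4:]
    if len(args) != 96:
        return (False, "malformed arguments")
    if args[:32] != addr_word(caller):
        return (False, "from is not the caller")
    return (True, "ok")


def transfer_from_calldata(frm: str, to: str, amount: int) -> bytes:
    """Build transferFrom calldata for the constructed sample inputs."""
    return TRANSFER_FROM + addr_word(frm) + addr_word(to) + uint_word(amount)


if __name__ == "__main__":
    print(revoke_calldata(ROUTER).hex())
    print(check_forwarded_call(USER, transfer_from_calldata(USER, ROUTER, 5)))
    print(check_forwarded_call(USER, transfer_from_calldata(OTHER, USER, 5)))
```

The guard binds the `from` argument to the caller, so an approval granted by one account cannot be spent through calldata supplied by another.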
The Unibot team has not made any statement on the suspected hack or clarified what happened.