A contract deployed on Oct. 29 by Unibot, a popular Telegram bot used for sniping trades on the decentralized exchange Uniswap, was reportedly exploited, draining approximately $560,000 worth of various memecoins from users. This incident highlights the risks associated with decentralized exchanges and the need for increased security measures.
On Oct. 31, blockchain analytics firm Scopescan alerted Unibot users about an ongoing hack that had gone unnoticed. The exploit targeted a contract newly deployed by Unibot and drained the crypto holdings of several users. Scopescan tweeted about the exploit, stating that the current exploit size was approximately $560,000.
Following the alert from Scopescan, Unibot confirmed the hack and revealed initial details, stating, “We experienced a token approval exploit from our new router and have paused our router to contain the issue.” Unibot, along with blockchain investigators, started conducting investigations into the incident.
To mitigate further losses, Scopescan advised affected users to revoke the approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and move their funds to a new wallet.
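As an added illustration (not code from Scopescan, Unibot or the original article), the sketch below shows what "revoking an approval" means at the ERC-20 level: it replays Approval event logs to find owners who still have a nonzero approval to the router address quoted above, and builds the `approve(spender, 0)` calldata that clears it. The token and owner addresses, the sample logs and all function names are constructed for the example; only the router address comes from the article.

```python
# Router address the article says to revoke approvals for.
SPENDER = "0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865"
# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")


def word(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    return addr[2:].lower().rjust(64, "0")


def topic_to_address(topic):
    """Indexed addresses are stored as 32-byte topics; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def live_allowances(logs, spender=SPENDER):
    """Map (token, owner) -> last approved amount, for nonzero approvals to spender."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 reuses this topic0 but indexes tokenId too (4 topics): skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(t[2]) != spender.lower():
            continue
        # A later Approval replaces the earlier one, so approve(spender, 0) clears it.
        state[(log["address"].lower(), topic_to_address(t[1]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}


def revoke_calldata(spender=SPENDER):
    """Calldata for approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + word(spender) + "0" * 64


# Constructed sample data: token and owner addresses below are made up.
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
ALICE, BOB, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "99" * 20
MAX = hex(2**256 - 1)


def _log(token, owner, spender, amount, block, idx):
    return {"address": token, "blockNumber": block, "logIndex": idx, "data": amount,
            "topics": [APPROVAL_TOPIC, "0x" + word(owner), "0x" + word(spender)]}


SAMPLE_LOGS = [
    _log(TOKEN_A, BOB, SPENDER, "0x0", 105, 0),   # Bob revoked (listed out of order)
    _log(TOKEN_A, ALICE, SPENDER, MAX, 100, 0),   # Alice: unlimited, still live
    _log(TOKEN_A, BOB, SPENDER, MAX, 101, 3),
    _log(TOKEN_B, ALICE, OTHER, MAX, 102, 1),     # different spender, ignored
]
```

Event logs record the last amount approved, not what remains after spending, so the token's on-chain `allowance(owner, spender)` value is the authoritative check that a revoke took effect.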
According to blockchain data from Scopescan, the hacker has been converting the stolen memecoins into Ether (ETH). This conversion process is evident when observing the transactions made by the hacker’s address (0x413e4fb75c300b92fec12d7c44e4c0b4faab4d04).
The market reacted negatively to the incident, as the price of the UNIBOT token experienced a sharp decline of 42.7% within one hour, dropping from $57.56 to $32.94. However, at the time of writing, the token’s price is showing signs of recovery.
Unibot took responsibility for the incident and committed to compensating all users who lost funds due to the contract exploit. Weekly transaction data revealed that cryptocurrencies such as Joe (JOE), UNIBOT, and BeerusCat (BCAT) constituted a major portion of the stolen funds.
Additionally, Scopescan discovered that an address (0x835B), which is identical to the exploited address, was deployed and being used to receive tokens from unsuspecting victims. This raises concerns about ongoing fraudulent activities involving the stolen funds.
Cointelegraph reached out to Unibot for comment but has yet to receive a response.
This incident follows a similar contract exploit that recently drained 280 ETH from users of Maestrobots, a group of cryptocurrency bots on the Telegram Messenger app. In response, Maestrobots used its own revenue to compensate the affected users with the equivalent amount of ETH, plus an additional 20% as a gesture of goodwill. This refund process cost Maestrobots a total of 334 ETH.
The occurrence of these contract exploits underscores the importance of stringent security measures and monitoring systems for decentralized exchanges and cryptocurrency bots. Users should exercise caution when using such platforms and be aware of the potential risks involved. As the crypto market continues to evolve, it is crucial for developers and users to prioritize security to prevent such incidents in the future.
In conclusion, the Unibot hack serves as a stark reminder of the vulnerabilities within decentralized exchanges and the need for continuous improvement in security measures. Prompt actions from both Unibot and blockchain investigators have been taken to mitigate further losses and compensate affected users. This incident should serve as a wake-up call for the crypto community to prioritize security and implement robust measures to protect user funds and prevent similar exploits in the future.