Telegram trading bot Unibot confirmed that it was exploited on October 31.
On-chain data shows that the Unibot hackers have moved $630,000 in stolen funds from the popular Telegram trading bot via the recognized mixing protocol Tornado Cash.
In an Oct. 31 post on X (formerly Twitter), the Unibot team confirmed that the platform suffered a “token approval vulnerability” on its new routers.
"We have experienced a token approval vulnerability with our new routers and have suspended our routers to contain the issue," Unibot said.
The hack caused Unibot’s native UNIBOT token to plummet by more than 30% to $32.94 before recovering to $46.02 as of press time, according to CryptoSlate.
How Unibot is exploited
While the trading bot team failed to provide information on the stolen amount, a report from crypto security firm Cyvers Alerts estimated that hackers stole around 345 Ethereum (ETH), equivalent to $630,000, from the platform.
Cyvers Alerts said the attacker obtained funds through fixed float funds and:
“The root cause [of the hack] appears to be a lack of input to the ‘transferFrom’ function to transfer tokens that have been approved by the contract.”
However, the Unibot team sought to downplay the incident, assuring victims that they would be compensated and that their "keys and wallets were safe."
Unibot added: “We will publish a detailed response once our investigation is complete.”
Funding Movement
Data from Debank shows that wallets associated with the Unibot exploiter first exchanged all stolen digital assets (including Meme coins) for Ethereum through decentralized exchanges such as Uniswap and 1inch.
The attacker then moved all of this ETH through Tornado Cash in an attempt to obfuscate his transaction tracks.
As of press time, the wallet only holds about $69 worth of digital assets. #黑客 #Unibot
