First Impressions
“The Unibot exploit underscores the ever-present vulnerabilities in the crypto space, even among tools designed to help traders.”
Unibot, a popular Telegram bot specialising in rapid-fire trades on the decentralised Uniswap exchange, fell victim to a contract exploit.
Approximately $560,000 In Various 'Memecoins' Were Siphoned Off From Users
Imagine if you had a vault and someone managed to find the blueprint to its security mechanisms. The perpetrator then used that knowledge to unlock the vault without anyone noticing. That's akin to what happened here. An exploit is a loophole in a contract's code that a hacker can manipulate to steal assets.
Unibot broke its silence about the hack, stating,
"We experienced a token approval exploit from our new router and have paused our router to contain the issue."
In light of this breach, Scopescan, a blockchain security firm, issued warnings to Unibot users. They recommended revoking any authorisations linked to the compromised contract and swiftly moving funds to a new digital wallet.
To put it simply, the hacker is now in the process of laundering the stolen assets. They're converting these 'memecoins' into Ether, a more stable and widely-accepted form of cryptocurrency, according to Scopescan's blockchain data.
Unibot hacker moving funds. Source: 0xscope.com
Unibot 1-day price chart showing a sharp decline in price following the hack. Source: CoinGecko
The aftermath of this cyber heist was immediate and severe. The UNIBOT token's price took a nosedive, plummeting by 42.7% in just one hour, from $57.56 to $32.94.
However, there's a glimmer of hope. The UNIBOT token is showing signs of price recovery.
The Recent Unibot Incident Serves As A Caution
In an effort to remedy the situation, Unibot has pledged to compensate all affected users. Weekly transaction data reveals that cryptocurrencies such as Joe (JOE), UNIBOT and BeerusCat (BCAT) made up a significant portion of the stolen assets.
Scopescan revealed further unsettling details. Another address, which closely resembles the exploited one, has been activated and is being used to lure in further victims.
Unibot has remained tight-lipped, not responding to requests for comment as of yet.
For context, this isn't an isolated incident. Another similar contract exploit recently drained 280 ETH from Maestrobots users. Maestrobots later used its own funds to reimburse users for their losses, an action Unibot has also committed to.
CertiK, another blockchain security firm, verified Maestrobots' payout of 334 ETH in compensation to its users.