Unibot, a popular Telegram trading bot, has been exploited, resulting in a loss of over $560,000. According to the project team, it “experienced a token approval exploit from the new router”. Although the team reassured users that it would compensate for any losses, the project's token price plummeted by 20% in the aftermath of the hack.
Blockchain security firm Scopescan first identified the issue, and within an hour the Unibot team confirmed it. The full details of the hack remain unknown, so all users are advised to revoke their approvals for the exploited contract and transfer their funds to a new wallet.
The hacker has already begun sending money to Tornado Cash to cover their tracks.
Following the announcement of the hack, users quickly reacted by dumping the UNIBOT token. Its value dropped sharply by around 40%. However, it has since made a partial recovery and is now trading down by about 20%.
Unibot, currently the third most popular trading bot on Telegram, has 900+ daily active users and has tallied over 650k trades since its launch. Notably, it is among the few bots that have their own token. As of now, its market capitalization stands at a leading $46 million, making it the top-valued bot token among all Telegram trading bots.
Telegram bots seem to be a recurring target for hackers. Just last week, Maestro, another well-known bot, also suffered a breach. Much like the Unibot incident, the hacker exploited a vulnerability in Maestro's newly launched router, making off with over $500,000.
Interestingly, Banana Gun, another popular Telegram trading bot, has seen its market value surge by 40% as it benefits from the challenges its competitors are facing. Currently, it is the second-largest bot token by market capitalization.
Security remains a primary concern for Telegram trading bots. Many popular bots don't open-source their software, so it can't be audited by independent security experts. Moreover, these bots control users’ private keys, adding another layer of risk.
Recent incidents underscore the importance of caution when using Telegram bots. It is best not to connect them to your primary wallet or store crypto in wallets that have interacted with these bots. For those keen on using them, consider setting up a separate wallet and moving your crypto out once trades are complete.
