Unibot, a widely used Telegram bot known for facilitating transactions on the decentralized exchange Uniswap, experienced an exploit that resulted in an approximate loss of $560,000 for multiple users. The attack occurred on October 29 when a new contract deployed by Unibot was exploited by hackers. On October 31, blockchain analytics company Scopescan alerted Unibot users to the ongoing attack by previously undetected hackers.
Scopescan's alert warned users about the breach and the cryptocurrency drain resulting from Unibot's vulnerability to the exploit. Unibot later confirmed the hack and suspended its routers to contain the issue. In the aftermath of the breach, users were advised to revoke approval of the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer their funds to a new wallet. It was observed that the attackers were converting stolen meme coins into ether.
In response to the security breach, the market reacted negatively, with the UNIBOT token's price plummeting by 42.7% in just one hour, dropping from $57.56 to $32.94. However, at the time of this report, the coin's price was showing signs of recovery. Unibot has committed to compensating all users who suffered financial losses due to the contract vulnerabilities. Weekly trading data revealed that cryptocurrencies like Joe (JOE), UNIBOT, and BeerusCat (BCAT) were the primary targets of the attack.
Furthermore, Scopescan uncovered that the same address, 0x835B, which had been exploited, was deployed for receiving funds from unsuspecting victims. This incident follows a recent contract vulnerability that led to the theft of 280 ETH from users of Maestrobots, a group of cryptocurrency bots on the Telegram Messenger app. To rectify the situation, Maestrobots used its own earnings to compensate users with 334 ETH in total, citing a lack of liquidity to repurchase the lost tokens. CertiK, a blockchain security firm, confirmed the transactions that showed Maestro paying the compensation to users.
