The well-known Telegram trading tool Unibot is the most recent victim of an ever-expanding series of cryptocurrency breaches.
Unibot acknowledged that it was compromised on October 31 and that the problem occurred as a result of a new router’s token approval attack, and that over $630,000 was purportedly lost as a result of the exploit.
Users of Unibot were notified on October 31 by blockchain analytics company Scopescan of an ongoing, undetected breach on the platform. A Unibot exploit on a recently installed contract emptied multiple customers’ cryptocurrency balances.
Later, Unibot revealed the first details of the hack, confirming it :
“We experienced a token approval exploit from our new router and have paused our router to contain the issue.”
Scopescan urged users to withdraw the approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer the money to a new wallet in the midst of ongoing investigations by Unibot and blockchain investigators.
Unibot pledged to reimburse all users who suffered financial losses as a result of the contract exploit. Cryptocurrencies including Joe (JOE), UNIBOT, and BeerusCat (BCAT) comprised a significant portion of the bounty, according to weekly transaction statistics.
As per Scopescan’s findings, the address 0x835B, identical to the exploited one, has been created and is actively receiving tokens from unsuspecting victims. Investigations later on also showed that the embezzled money was transferred fast and converted to Ethereum.
A well-liked trading tool on Telegram, Unibot, acquired a lot of popularity because of its easy-to-use interface. To put it briefly, Unibot allows users to switch between cryptocurrencies without ever leaving the messaging app. However, users can also take advantage of MEV-protected trading and replicate the techniques of other traders.
The native token of the app, which peaked in mid-August at an astounding $236, is a testament to its popularity.
Concerns were raised today when the project disclosed a “token approval exploit”, meaning there is a permissions flaw in smart contracts that makes it possible for tokens belonging to users to be moved beyond the specified limit or for unauthorised access.
However, according to CoinGecko data , the exploit news caused a sharp decline in the token’s price, which saw it drop from $57.56 to a pitiful $32.94. At $45.7, the UNIBOT token is now trading hands.
Before transferring the stolen assets through Tornado Cash, the exploiters first moved them to the decentralised exchange Uniswap.
In the world of cryptocurrency, Tornado Cash is frequently the centre of attention-grabbing hacks and exploits. A few members of its development team were accused in August of aiding hackers in the money laundering of more than $1 billion, including from North Korean-affiliated businesses. 90% less people are using the privacy protocol now than before the arrests and the ensuing penalties.
Even though this was one of the earliest well-known Telegram bot attacks, security flaws have shaken the crypto community as a whole.
Some LastPass users reported losing an additional $4.4 million in cryptocurrency just one week prior to the Unibot breach. Security experts are now pointing to a LastPass exploit from last December, even though the frequent exploits over the last ten months had confused many since they appeared to have no pattern.
Another major weakness in the cryptocurrency sector is the identification of inter-blockchain bridges that enable users to transfer assets between incompatible networks.
The loan platform Exactly, which relies on Optimism, was compromised for $7 million in August. Although it’s not a large amount, it’s also one of the lesser hauls in comparison to previous, more well-known bridge hacks.
Consider the Ronin bridge owned by Axie Infinity, which was taken advantage of in March 2022 for an estimated $622 million. Additionally, there is the Wormhole breach, wherein hackers stole an astounding $320 million.
These occurrences serve as sobering reminders of the difficulties that lie ahead as the cryptocurrency space continues to make headway into the mainstream.
Telegram has become a well-known name in the cryptocurrency community as one of the most used messaging programmes. Every significant blockchain project and cryptocurrency community has a Telegram account, where they create channels and groups to encourage interaction and community building.
Telegram’s widespread use has made it a priceless tool for cryptocurrency fans looking to learn more and discuss their favourite projects, but it has also drawn unwanted attention from dishonest people.
But what are the most common crypto scams on Telegram and how can you protect yourself?
Phishing and Smishing
On Telegram, phishing takes the form of “smishing” (phishing via SMS). The goal is to extract sensitive data, often targeting high-profile individuals in “whaling” or “spear phishing” attacks.
Off-Platform Crypto Scams
These scams lure you outside the platform to follow links, potentially tricking you into sharing personal information or downloading malware.
Scammers create fake Telegram channels or groups that mimic legitimate ones, making users believe they’re part of the real community. Verify channel authenticity by enabling admin-only posting and limiting who can add you to channels in your settings.
Crypto Expert Impersonation
Scammers on Telegram pose as crypto experts and promise to enhance your returns. They often disappear after collecting your login information.
Pump and Dump Schemes
These scams promote events with potential price impacts, urging users to invest or sell. Be cautious when receiving investment advice via private messages.
While Telegram bots can be useful, some hackers create fake ones. Avoid bots that rush you into actions, check their phone numbers, grammar, and never share sensitive information.
Tech Support Scams
Scammers impersonate support staff in Telegram channels. Never share confidential information with supposed support, whether they’re bots or not.
Be wary of giveaways that ask for your bank details or require you to pay a fee to claim your prize, as these are likely scams.
Scammers find Telegram to be an attractive platform since it is the home of all legitimate cryptocurrency projects. Therefore, it is crucial to avoid disclosing private information, sending money, or clicking on a dubious link.