Home / News / Crypto / News / Telegram Crypto Bots: What is UNIBOT & How to Keep Safe Following Exploit
News
6 min read

Telegram Crypto Bots: What is UNIBOT & How to Keep Safe Following Exploit

Published
Teuta Franjkovic
Published

Key Takeaways

  • Telegram’s Unibot faced a significant breach, losing over $630,000 due to a token approval attack.
  • Unibot’s breach involves an exploited contract and an address mirroring the exploited one.
  • The token price collapsed from $236 to $32.94.
  • Unibot’s breach is part of a larger pattern of cryptocurrency security concerns

The well-known Telegram trading tool Unibot is the most recent victim of an ever-expanding series of cryptocurrency breaches.

Unibot acknowledged that it was compromised on October 31 and that the problem occurred as a result of a new router’s token approval attack, and that over $630,000 was purportedly lost as a result of the exploit.

Unibot Users Notified Of Breach, Platform Will Compensate

Users of Unibot were notified on October 31 by blockchain analytics company Scopescan of an ongoing, undetected breach on the platform. A Unibot exploit on a recently installed contract emptied multiple customers’ cryptocurrency balances.

Later, Unibot revealed the first details of the hack, confirming it :

“We experienced a token approval exploit from our new router and have paused our router to contain the issue.”

Scopescan urged users to withdraw the approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer the money to a new wallet in the midst of ongoing investigations by Unibot and blockchain investigators.

Credit: 0xscope.com

Unibot pledged to reimburse all users who suffered financial losses as a result of the contract exploit. Cryptocurrencies including Joe (JOE), UNIBOT, and BeerusCat (BCAT) comprised a significant portion of the bounty, according to weekly transaction statistics.

As per Scopescan’s findings, the address 0x835B, identical to the exploited one, has been created and is actively receiving tokens from unsuspecting victims. Investigations later on also showed that the embezzled money was transferred fast and converted to Ethereum.

What Is Unibot?

A well-liked trading tool on Telegram, Unibot, acquired a lot of popularity because of its easy-to-use interface. To put it briefly, Unibot allows users to switch between cryptocurrencies without ever leaving the messaging app. However, users can also take advantage of MEV-protected trading and replicate the techniques of other traders.

The native token of the app, which peaked in mid-August at an astounding $236, is a testament to its popularity.

Concerns were raised today when the project disclosed a “token approval exploit”, meaning there is a permissions flaw in smart contracts that makes it possible for tokens belonging to users to be moved beyond the specified limit or for unauthorised access.

However, according to CoinGecko data , the exploit news caused a sharp decline in the token’s price, which saw it drop from $57.56 to a pitiful $32.94. At $45.7, the UNIBOT token is now trading hands.

Before transferring the stolen assets through Tornado Cash, the exploiters first moved them to the decentralised exchange Uniswap.

In the world of cryptocurrency, Tornado Cash is frequently the centre of attention-grabbing hacks and exploits. A few members of its development team were accused in August of aiding hackers in the money laundering of more than $1 billion, including from North Korean-affiliated businesses. 90% less people are using the privacy protocol now than before the arrests and the ensuing penalties.

Unibot – Another Page in Crypto Security Concerns

Even though this was one of the earliest well-known Telegram bot attacks, security flaws have shaken the crypto community as a whole.

Some LastPass users reported losing an additional $4.4 million in cryptocurrency just one week prior to the Unibot breach. Security experts are now pointing to a LastPass exploit from last December, even though the frequent exploits over the last ten months had confused many since they appeared to have no pattern.

Another major weakness in the cryptocurrency sector is the identification of inter-blockchain bridges that enable users to transfer assets between incompatible networks.

The loan platform Exactly, which relies on Optimism, was compromised for $7 million in August. Although it’s not a large amount, it’s also one of the lesser hauls in comparison to previous, more well-known bridge hacks.

Consider the Ronin bridge owned by Axie Infinity, which was taken advantage of in March 2022 for an estimated $622 million. Additionally, there is the Wormhole breach, wherein hackers stole an astounding $320 million.

These occurrences serve as sobering reminders of the difficulties that lie ahead as the cryptocurrency space continues to make headway into the mainstream.

Keeping your Crypto Safe on Telegram

Telegram has become a well-known name in the cryptocurrency community as one of the most used messaging programmes. Every significant blockchain project and cryptocurrency community has a Telegram account, where they create channels and groups to encourage interaction and community building.

Telegram’s widespread use has made it a priceless tool for cryptocurrency fans looking to learn more and discuss their favourite projects, but it has also drawn unwanted attention from dishonest people.

But what are the most common crypto scams on Telegram and how can you protect yourself?

Phishing and Smishing

On Telegram, phishing takes the form of “smishing” (phishing via SMS). The goal is to extract sensitive data, often targeting high-profile individuals in “whaling” or “spear phishing” attacks.

Off-Platform Crypto Scams

These scams lure you outside the platform to follow links, potentially tricking you into sharing personal information or downloading malware.

Copycat Scams

Scammers create fake Telegram channels or groups that mimic legitimate ones, making users believe they’re part of the real community. Verify channel authenticity by enabling admin-only posting and limiting who can add you to channels in your settings.

Crypto Expert Impersonation

Scammers on Telegram pose as crypto experts and promise to enhance your returns. They often disappear after collecting your login information.

Pump and Dump Schemes

These scams promote events with potential price impacts, urging users to invest or sell. Be cautious when receiving investment advice via private messages.

Telegram Bots

While Telegram bots can be useful, some hackers create fake ones. Avoid bots that rush you into actions, check their phone numbers, grammar, and never share sensitive information.

Tech Support Scams

Scammers impersonate support staff in Telegram channels. Never share confidential information with supposed support, whether they’re bots or not.

Fake Giveaways

Be wary of giveaways that ask for your bank details or require you to pay a fee to claim your prize, as these are likely scams.

Scammers find Telegram to be an attractive platform since it is the home of all legitimate cryptocurrency projects. Therefore, it is crucial to avoid disclosing private information, sending money, or clicking on a dubious link.

Was this Article helpful? Yes No
Teuta is a seasoned writer and editor with more than 15 years of experience. She has expertise in covering macroeconomics and technology as well as the cryptocurrency and blockchain industries. She has worked for several publications as a journalist and editor, including Forbes, Bloomberg, CoinTelegraph, Coin Rivet, CoinSpeaker, VRWorld and Arcane Bear. Teuta began her professional career in 2005, working as a lifestyle writer at Cosmopolitan in Croatia. From there, she branched out to several other publications, covering mainly business and the economy. She then turned her attention to the world of cryptocurrency and blockchain, believing that crypto is among the most important inventions in the history of humanity. Her involvement in fintech began in 2014 and she has since lent her expertise in writing, editing and gathering information about the world of crypto, blockchain, NFTs and Web3. An all-round news hound, mentor, editor, and writer, Teuta enjoys teamwork and good communication. She holds a WSET2 diploma and has a thing for chablis, punkrock music and shoes. She also holds a double MA in Political science and Entrepreneurship.
See more
loading
loading