Unibot's Token Exploit Shook the Crypto World: Why $600K Vanished in an Hour

Van Thanh Le

•

Oct 31 2023

7 months ago3 minutes read

Chibi cubic robot frantically pulling out cables from server rack

Dissecting the Unibot Exploit

Unibot, a mile-high name in the realm of Telegram-based trading bots, found itself under siege following a calculated "token approval exploit" that adversely targeted its most recent router.

This onslaught was orchestrated using a Call injection vulnerability to tamper with Unibot's smart contracts, allowing the intruder to rob the bot blind. "We experienced a token approval exploit from our new router and have paused our router to contain the issue," Unibot declared in response to the hack.

#Unibot exploited
Hacker:https://t.co/vSnl9xNmBD

The root cause is CAll injection, where an attacker can pass custom malicious calldata into the 0xb2bd16ab() method to transfer tokens approved to Unibot contracts.

Users need to revoke approval for… pic.twitter.com/7PYJVwO6Ga
— Beosin Alert (@BeosinAlert) October 31, 2023

The Financial Fallout

The exploit wrought havoc on the unsuspecting users, pillaging over $600,000 from their wallets in a lightning-fast hour from the time of the breach. Multiple memecoins fell prey to the cyber raider, the victims including popular names such as Joe (JOE ), UNIBOT, and BeerusCat (BCAT).

In the wake of this rob-and-run maneuver, the hacker's wallet swelled weighty with assets approximating $630,000. Most of these stolen spoils were transformed into Ethereum (ETH), with a minor portion of USDC nesting alongside.

.@TeamUnibot seems exploited, the exploiter transfers memecooins from #unibot users and is exchanging them for the $ETH right now.

The current exploit size is ~$560K

Exploiter address:https://t.co/ysyTmgUAit pic.twitter.com/MF85Fdk892
— Scopescan (@0xScopescan) October 31, 2023

Unibot's Token Price Rollercoaster

Unibot's native token teetered precariously along a cliff's edge as the exploit set it on a free fall. The token's price charted a rollercoaster of dramatic declines, hurtling downwards initially by 29%, then a steep dive by 42.7% soon after, and finally, a harsh 20% drop.

From the $56 level, its crypto price stumbled and tumbled to $42.42, $32.94, and $45 during various intervals, the charts serving as fitting epitaphs of the day's catastrophic price volatility. The token had reached an all-time high of almost $220 before the exploit.

Impact on Market Cap and User Base

With the token's value all but obliterated, Unibot's market cap met a harsh fate, taking a nosedive from its lofty peak of $200M to a meager $45M.

This calamitous turn of events reverberated all too painfully through Unibot's once-thriving user base, shattering the confidence of about 1,300 active accounts that had traded yesterday on what was formerly the second most popular Telegram bot, accounting for 16% of the user market share.

dex bot sector usage by day (1).webp — Source: @whale_hunter/ Dune

Unibot's Tackles The Crisis Head-On

In a bid to control the rapidly escalating crisis, Unibot turned to social media platforms to relay the distressing news and to quell rising panic among the users. Alongside confirming the unnerving exploit, Unibot declared a pause on its new router to contain the damage.

In an attempt to comfort its shaken user base, Unibot assured, "Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe."

We experienced a token approval exploit from our new router and have paused our router to contain the issue.

Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe.

We will release a detailed response after investigations conclude.
— Unibot (@TeamUnibot) October 31, 2023

Security Firms Lead the Way

First-hand alerts of the Unibot debacle emerged from the distinguished quarters of on-chain research teams Scopescan and PeckShield.

Scopescan was particularly forthcoming in its advisories to distraught users, counseling its community members to revoke their approvals for the controversial contract, recognized as 0x126…, and strategically move their funds to a novel, untainted wallet.

#PeckShieldAlert Revoke any approvals for @TeamUnibot
Contract: 0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865
— PeckShieldAlert (@PeckShieldAlert) October 31, 2023

Putting The Unibot Crisis In Perspective

Sadly, Unibot isn't the lone casualty in this type of crypto scandal. Comparable exploits have plagued other Telegram bots such as Maestro and Banana Gun, both of which encountered financial devastations amounting to $500,000, and a colossal 98% token value crash respectively.

Interestingly, Maestrobots, which was in the same hot water as Unibot, managed to compensate its users with a whopping 610 ETH pulled out of its own revenue stream to cover all resultant losses.

Investigations and Future Impacts

Shattered crypto piggy bank on a wooden table in a modern room.webp

In the aftermath of the Unibot debacle, several dedicated third-party blockchain investigation firms have teamed up with Unibot's developers to probe deeper into the incident.

This exploit, while unfortunate, opens the window to a broader dialogue on the urgent need for fortified security protocols in Telegram-based trading bots and the importance of risk management.

Delving Deeper into The Crisis

The hacker seems far from done, initiating a similar contract exploit identical to the technique used in Unibot’s case to pilfer 280 ETH from the unsuspecting users of Maestrobots, another group of cryptocurrency bots operating via the Telegram platform.

Simultaneously, the address 0x835B, identical to the exploited address, was launched and is actively used to amass tokens from innocent victims.

Lessons Drawn

In the broader scheme of crypto trading, the Unibot exploit serves as an exclamation point stressing the significance of investor vigilance. Unibot has indeed pledged to compensate for the losses, but at the same time, the incident has left the investor community questioning their faith in such platforms.

It underscores the pressing need for dogged vigilance and robust security measures in the rapidly evolving world of crypto trading bots.

FAQs

1. What was the exact nature of the Unibot exploit?

The Unibot exploit was a "token approval exploit” in which the attacker used a Call injection vulnerability to manipulate Unibot's smart contract, leading to a loss of over $600,000 from users' wallets.

2. Which were the primary cryptocurrencies targeted, and how much was siphoned off?

The intruder focused on various memecoins, with Joe (JOE), UNIBOT, and BeerusCat (BCAT) being the key targets. In all, assets worth over $630,000, predominantly Ethereum (ETH), were taken.

3. What occurred following the Unibot exploit in phasing out the new router?

In response to the exploit, Unibot immediately paused the operational capacity of its new router. This was done as a damage limitation measure to prevent more users from falling victim to the exploit.

4. What were the other Telegram bots affected by similar issues, and how did they respond?

Other Telegram bots like Maestro and Banana Gun have suffered similar security breaches, with Maestrobots even compensating its users for all losses incurred from the hack.

5. What are the implications of the Unibot exploit for the overall security protocols of trading bots?

The Unibot exploit raises significant questions about the security policies of Telegram-based trading bots and underscores the inherent risks users face when relinquishing control over their private keys.

This article has been refined and enhanced by ChatGPT.