Telegram-based crypto trading platform Unibot suffers security breach; over $600,000 lost

Cybercriminal group "Pink Drainer" strikes again: $4.4 million theft in Chainlink

Most read

Loading Most Ready posts..


  • Unibot, a Telegram-based crypto trading bot, suffered a security breach that led to users hurriedly moving funds off the platform—over $600,000 has been stolen.
  • The exploit was identified as a Call injection, allowing the attacker to manipulate Unibot contracts. The company has paused its new router and assured compensation for affected users.
  • This incident adds to a growing list of security lapses in Telegram-based trading bots.

Unibot, a Telegram-based crypto trading bot, has been exploited due to a suspected hacking incident. Users have been rushing to withdraw their funds from the platform, which specializes in connecting wallets to the decentralized exchange Uniswap and allowing users to execute token trades using Telegram-based tools. 

Etherscan data indicates that an exploiter has been moving users’ cryptocurrencies and exchanging them for Ethereum (ETH).

One week after Unibot was launched, the exploiter received 1 ETH as gas fee from FixedFloat coin mixer, as revealed by Scopescan. Analytics firm Lookonchain has reported that the exploiter has already pilfered over $600,000. Moreover, cybersecurity entity Beosin Alert has identified the root cause of the breach as a Call injection. This vulnerability enabled the attacker to insert custom malicious calldata into a specific method, thereby transferring tokens approved to Unibot contracts.

Unibot token price plummets

The immediate financial aftermath of the security lapse has been severe. The Unibot token price plummeted by 25.0% in one hour after the hack, trading at $42.42 at the time of this report, according to data from Coingecko.

UNIBOT/USD chart. Source: CoinGecko.

The platform’s team confirmed the exploit on X (Twitter). They attributed the security lapse to a token approval exploit in their new router, which has now been paused to contain further damage. Additionally, the team assured users that compensation would be provided for any lost funds. Importantly, they stressed that users’ keys and wallets were not compromised.

In a similar vein, Unibot declared that it would reimburse any purloined funds. Consequently, the team paused the router’s operation to mitigate the issue. They reiterated the security of users’ keys and wallets, aiming to assuage concerns.

Significantly, this Unibot incident is the latest in a series of exploits that have plagued the crypto trading bot space, especially those operating on Telegram. Notably, last week, Maestro, a leading Telegram trading bot at the time, suffered a hacking incident that resulted in a loss of $500,000. Affected users were later reimbursed. Also, in September, Banana Gun, another top bot, saw its native token crash by 98% in a single day due to a smart contract glitch.

In light of these events, crypto trading bot users are urged to exercise caution. The growing incidents of security lapses underscore the risks involved in relinquishing control over private keys to trading bots. However, it remains to be seen how Unibot will shore up its defenses to regain user trust and prevent future mishaps.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Stay on top of crypto news, get daily updates in your inbox

Related News

Trouble in paradise: South Africa wants to ditch BRICS forever
Subscribe to CryptoPolitan