Hackers Strike Suddenly Unibot Hacked, Highlighting Security Risks of Telegram Bots

Unibot Hacked by Hackers, Exposing Security Vulnerabilities in Telegram Bots

On October 31st, according to Beosin’s EagleEye security risk monitoring and detection platform, the previously popular Unibot was suddenly attacked by hackers and caused a stir in the market.

EagleEye attack-related address: https://eagleeye.sLianGuaice/address/0x413e4Fb75c300B92fEc12D7c44e4c0b4FAAB4d04

Hackers showed no mercy and continued with their attacks and transferred stolen assets even after the attack was exposed. This attack caused the related tokens to drop to approximately 33.02 USDT, with a 24-hour drop of over 35%.

Unibot, what is it? In a previous article, we introduced UNIBOT – How to prevent phishing and scams related to Telegram bots?

In simple terms, Unibot is a Telegram trading bot that allows users to interact with the bot to monitor liquidity pools, trade tokens, and replicate other people’s trades.

In August, the market value of $UNIBOT skyrocketed from $30 million to over $100 million, attracting market attention. However, security issues remained overlooked.

For example, in today’s security incident, Beosin’s security team discovered that the root cause of the attack on Unibot was CAll injection, resulting in a loss of $640,000.

Beosin also reminds users to revoke authorization on Revoke to avoid further financial losses. Link: https://revoke.cash/

Beosin Trace traced the stolen funds and found that the hacker has transferred the stolen funds to the mixer platform Tornado Cash for money laundering.

The security risks of Telegram bots being hacked:

1. Centralization:
The risks of Telegram bots are similar to those of centralized exchanges. If users want to use Telegram bots, they need to import their private keys into these bots. During this process, other software may read the user’s private keys from the clipboard. Furthermore, once users import their private keys into the telegram bot, their encrypted assets are no longer under their control.

2. Security risk:
Most Telegram bots are not open source and do not undergo third-party code audits. Potential vulnerabilities in the bots may result in asset losses. If a user’s Telegram account is compromised (phishing attacks on Telegram accounts do happen), the assets on the Telegram bot will also be under the control of hackers.

During the Telegram bot frenzy, phishing and scams related to Telegram bots have been constantly appearing. These bots claim to be automated trading or front-running bots, enticing users to import their private keys and then transferring their funds without their permission.

Why is contract auditing so important? How can users ensure safety?

Contract auditing is crucial in the Web3 ecosystem. For example, the Banana Gun incident previously analyzed by Beosin involved issues with smart contracts.

Vulnerabilities and security issues in smart contracts can lead to fund losses, data leaks, or contract manipulation. Auditing helps identify and fix these potential vulnerabilities and weaknesses, ensuring the security and reliability of contracts. Conducting a comprehensive review of contracts can prevent potential attacks in advance and ensure the safety of users’ funds and data.

At the same time, users need to pay attention when choosing projects:

1. Conduct thorough research on projects. Users should have sufficient understanding of the project’s operational logic and potential risks through project websites, documentation, community channels, code auditing reports, etc., to avoid falling into scams.

2. Stay updated on the latest progress of projects. Users should timely learn about the project’s development through official Twitter accounts, Telegram groups, Discord communities, etc., in order to react quickly to rug pulls, contract vulnerabilities, or hacking attacks.

3. On the EagleEye platform, users can enter the contract address of a token, and EagleEye will check its contract code and provide relevant risk reminders.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Weekly data on the BTC chain: data on the chain began to fall, and the exchange traded frequently

In the past week (10.28-11.03), from the main chain data, the total amount of transactions has increased compared wit...

Policy

FTX Hacker Strikes Again - This Time with Style!

The 72,000 ETH stolen from FTX last year has resurfaced for the first time since the hack, as transactions have emerg...

News

SBF in the eyes of Western mainstream media Watch the BBC documentary 'The Fall of the Crypto King' in 5 minutes.

FTX, a former giant in the cryptocurrency world, collided with an iceberg in November last year. This impact triggere...

Blockchain

Witness history! Bitcoin plunges sentient beings: mining circle under pressure, exchange shuffled

Author: Liu four red Source: BBT Fintech Circle Editor's Note: This article has been deleted without altering th...

Policy

FTX's Big Sell Grayscale and Bitwise Assets On the Market for $744M

FTX creditors have requested approval from an investment advisor for the sale of trust assets and related procedures.

Blockchain

The wave of "absolute deflation" of platform currency is coming. How should the exchange make a choice?

This article Source: Odaily Daily Planet , author: the the Platform currency refers to tokens issued by digital asset...