Unibot encounters hacker invasion How should Telegram users ensure the security of their assets?

Unibot Faces Hacker Invasion How Can Telegram Users Safeguard Their Assets?

The renowned Telegram trading tool, Unibot, has become the latest victim in an expanding series of cryptocurrency attacks.

Unibot has admitted to being attacked on October 31st due to a vulnerability in token approval on a new router. In an official announcement, Unibot stated, “We have identified a vulnerability in token approval on the new router. Unibot has temporarily suspended the new router to address this issue. Any funds lost due to the router’s error will be compensated. User keys and wallets are secure and a detailed response will be provided after the investigation concludes.” It is reported that this vulnerability caused a loss of over $630,000. In this article, the veDAO Research Institute will provide specific updates on this incident and advice on how to protect your assets on Telegram.

The Attack on Unibot

• Aragon, which raised 275,000 ETH, officially dissolves. Did DAO governance still fall victim to human nature?
• November Cryptocurrency Market Outlook Hot Projects and Catalysts to Watch
• Important progress in the trial of SBF! The jury collectively affirmed the defendant’s guilt of fraud, with a maximum sentence of 115 years. Sentencing will be announced in March next year.

On October 31st, blockchain analytics company Scopescan notified Unibot users that the platform was undergoing an ongoing, but undiscovered, attack. A vulnerability in a newly deployed contract on Unibot resulted in the depletion of cryptocurrency balances for multiple users.

Subsequently, Unibot released the aforementioned announcement revealing the initial details of the hack and confirming it was due to a vulnerability in token approval on the new router.

Scopescan urged users to revoke approval for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and transfer funds to a new wallet to cooperate with Unibot and blockchain investigators in their ongoing investigation.

Unibot has promised to compensate all users who suffered financial losses due to the contract vulnerability. The attack commenced on October 31st at 12:39:23 (Beijing time) and continued until 14:09:47 on the same day. During this time, the attacker executed 22 attack transactions, transferring a total of 42 different tokens from 364 victim addresses through the router to the attacker’s account. The exploiters subsequently sold these tokens, resulting in a total of 355.5 ETH. All 355.5 ETH has now been transferred to Tornado.Cash. The affected cryptocurrencies include Joe (JOE), UNIBOT, BeerusCat (BCAT), and others, according to weekly transaction statistics.

UNIBOT Drops Nearly 40%

Although Unibot officials have promised to compensate for the losses, UNIBOT still experienced a sharp decline due to the impact of hacker news. According to CoinMarketCap data, UNIBOT plummeted from $58.34 to a low of $35.94, with a maximum drop of 38%. It has since slightly recovered and is hovering around $42. It is worth noting that despite the strong panic selling volume, whales and smart money have taken the opportunity to buy a large number of UNIBOT.

Follow-up

On November 1, Unibot announced on Telegram that the vulnerability from yesterday has been completely resolved and the old router has been restored; Unibot is now safe and operating normally. However, it will take some time to refund the damaged users’ assets: Unibot is currently conducting the final few rounds of simulations in an attempt to ensure the complete return of users’ tokens through additional measures. The announcement states that due to the impact of the vulnerability on over 100 types of tokens, the refund process is longer than expected. As these tokens vary in scale and liquidity, the refund will ultimately be in the form of a combination of different tokens + ETH.

What is Unibot?

Unibot is a trading tool bot built within Telegram. Users can complete on-chain token trading activities on Uniswap in the form of dialogues with the bot on Telegram, such as token exchange, copy trading, limit orders, private transactions, etc. Unibot is popular on Telegram due to its user-friendly interface. In short, Unibot allows users to switch between different tokens without leaving the chatting app. However, users can also use MEV to protect transactions and replicate the trading strategies of other traders. The native token of this app skyrocketed to an astonishing $236 in mid-August, which reflects its popularity.

Telegram Bots

In addition to Unibot, there are many Telegram bots with a large user base, such as Mizar, Banana Gun, Maestro, and Wagie Bot. Telegram bots are automated programs that run in the Telegram chat program. They can perform trades, provide market data to users, evaluate sentiment on social media, and interact with smart contracts through commands initiated on the Telegram interface. This type of bot has existed for many years, but they have gained attention in recent years with the emergence of Telegram bot tokens.

Telegram bot tokens are native tokens integrated into Telegram bots and are mainly used for diverse trading functions, such as executing DEX trades, cross-wallet portfolio management, liquidity mining, and other DeFi-related operations. Essentially, these tokens allow users to interact with the entire DeFi ecosystem solely through the Telegram interface.

Since the end of July this year, the popularity of these tokens has skyrocketed, with some experiencing gains of over 1000%. Especially after the rise of Unibot, numerous Telegram bot tokens have emerged. Currently, CoinMarketCap has listed 73 Telegram bot tokens.

Unibot – A New Problem in Crypto Security

This vulnerability in Unibot implies a flaw in its smart contracts, which could potentially result in users’ tokens being moved beyond specified restrictions or unauthorized access, causing concerns.

Prior to transferring the stolen assets to Tornado.Cash, the attackers first moved them to the decentralized exchange Uniswap. Tornado.Cash is often the center of attention for notable hacker attacks and vulnerabilities in the crypto world. Several members of the protocol development team were charged in August this year for allegedly assisting money laundering, involving amounts exceeding 1 billion US dollars, including companies from North Korea. Compared to before the arrests and subsequent punishments, the number of people using the privacy protocol has decreased by 90%.

A week before the attack on Unibot, some LastLianGuaiss users reported losses of $4.4 million in cryptocurrency. Security experts point out that this may be due to a LastLianGuaiss vulnerability from December last year, although the frequent vulnerabilities in the past ten months have left many baffled, as they seem unpredictable.

Another major weakness in the field of cryptocurrency is the cross-chain bridge that allows users to transfer assets between incompatible networks. The lending platform Exactly, relying on Optimism, was hacked in August this year, resulting in losses of $7 million. The Ronin cross-chain bridge of Axie Infinity was exploited by hackers in March 2022, causing losses of approximately $622 million. Additionally, there was a vulnerability incident in the Wormhole cryptocurrency platform where hackers stole an astonishing $320 million.

These incidents serve as continuous reminders that these security issues cannot be avoided in the process of cryptocurrency’s continuous development towards mainstream markets.

How to Safeguard Asset Security on Telegram

Telegram has become one of the most commonly used messaging programs in the cryptocurrency community. Every significant blockchain project and cryptocurrency community has a Telegram account where they create channels and groups to encourage interaction and community building. Telegram’s widespread use makes it a valuable tool for cryptocurrency enthusiasts to learn more, discuss their favorite projects, but it also attracts the attention of hackers.

Let’s summarize the common cryptocurrency scams on Telegram and how to protect your assets:

Phishing and Message Scams

On Telegram, phishing takes the form of “Smishing” (SMS phishing). Its purpose is to extract sensitive data, usually targeting high-profile individuals with “whale” or “spear phishing” attacks.

Phishing scams on Telegram are usually done through messaging. There are widespread-netting campaigns that send deceitful messages to as many people as possible. More targeted are “spear phishing” and “whaling” attacks, aimed at organizations and prominent individuals to extract sensitive data.

Off-Platform Scams

These scams lure users off the platform and make them click on links, potentially tricking them into sharing personal information or downloading malicious software.

Impersonation Scams

Scammers create fake Telegram channels or groups that mimic real ones, making users believe they are part of the genuine community. You can verify the authenticity of a channel by enabling “admin-only” posting in the settings and restricting who can add you to the channel.

Pretending to be Crypto Experts

Scammers on Telegram impersonate crypto experts and promise to increase your profits. They often disappear immediately after collecting users’ login information.

Pump and Dump Schemes

These scams promote events that could potentially impact prices and urge users to invest or sell. Be cautious when receiving investment advice from strangers through private messages.

Telegram Bots

While Telegram bots can be useful, some hackers create fake bots. Avoid bots that rush you into taking action, check their phone numbers, posted content, and never share sensitive information.

Tech Support Scams

Scammers impersonate support staff in Telegram channels. Never share confidential information with supposed support staff, whether they are bots or real people.

Fake Giveaways

Be wary of giveaways that ask for your banking details or require you to pay a fee to receive a prize, as these are likely scams.

Since Telegram hosts almost all cryptocurrency projects and there are numerous communities, scammers see it as an attractive platform. Therefore, it’s crucial to avoid leaking personal information, making payments, or clicking on suspicious links.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!