Unibot Hacked: How Should Telegram Users Protect Their Assets?

Author: veDAO Research Institute

The famous Telegram trading tool Unibot has become the latest victim in a series of ongoing cryptocurrency attack incidents.

Unibot acknowledged that it was attacked on October 31 due to a token approval vulnerability in the new router. The official announcement from Unibot stated: "A token approval vulnerability was found in the new router, and Unibot has suspended the new router to address this issue. Any financial losses caused by the error in the new router will be compensated; users' keys and wallets are safe, and a detailed response will be released after the investigation is completed." It is reported that the vulnerability resulted in losses exceeding $630,000. In this article, the veDAO Research Institute will provide specific details about the incident and advice on how to protect your assets on Telegram.

The Timeline of Unibot's Attack

On October 31, blockchain analytics firm Scopescan notified Unibot users that the platform was undergoing an ongoing but undetected attack, with a vulnerability in one of Unibot's recently deployed contracts leading to multiple users' cryptocurrency balances being drained.

Subsequently, Unibot released the announcement mentioned at the beginning of this article, revealing the first details of the hack and confirming that the attack was due to a token approval vulnerability in the new router.

Scopescan urged users to revoke approvals for the exploited contract (0x126c9FbaB3A2FCA24eDfd17322E71a5e36E91865) and to transfer funds to a new wallet to assist Unibot and blockchain investigators in their ongoing investigation.

Unibot promised to compensate all users who suffered financial losses due to the contract vulnerability. The attack began at 12:39:23 on the 31st Beijing time and lasted until 14:09:47 on the same day. During this period, the attacker executed 22 attack transactions, transferring a total of 42 different tokens from 364 victim addresses to the attacker, who then sold these tokens for a total of 355.5 ETH. Currently, all 355.5 ETH have been transferred to Tornado.Cash. According to weekly trading statistics, this includes cryptocurrencies such as Joe (JOE), UNIBOT, and BeerusCat (BCAT).

UNIBOT Plummets Nearly 40%

Although Unibot has officially promised to compensate for the losses, the news of the hack still caused a significant drop in UNIBOT's price. According to CoinMarketCap data, UNIBOT plummeted from $58.34 to a low of $35.94, with a maximum drop of 38%, before slightly recovering to hover around $42. Notably, despite the strong panic selling, whales and smart money took the opportunity to accumulate more UNIBOT.

Follow-up

On November 1, Unibot announced on Telegram that the vulnerability from the previous day had been fully resolved and that it had reverted to the old router; Unibot is now safe and operational. However, the refund of affected users' assets will take some time: Unibot is currently conducting final rounds of simulations, intending to ensure the complete return of users' tokens through additional measures. The announcement stated that due to the over 100 types of tokens affected by the vulnerability, the refund process will take longer than expected. Since these tokens vary in scale and liquidity, the refunds will ultimately be made in a mixed form of different tokens + ETH.

What is Unibot?

Unibot is a trading tool bot integrated into Telegram, allowing users to issue trading commands in a conversational format within Telegram to complete on-chain token trading activities on Uniswap, such as token swaps, copy trading, limit orders, and privacy trading. Unibot is popular on Telegram due to its user-friendly interface. In short, Unibot allows users to switch between different tokens without leaving the chat app. However, users can also utilize MEV protection to trade and replicate other traders' strategies. The app's native token soared to an astonishing $236 in mid-August, highlighting its popularity.

Telegram Bots

In addition to Unibot, there are many other Telegram bots, such as Mizar, Banana Gun, Maestro, and Wagie Bot, which have many users. Telegram bots are automated programs that run through the Telegram chat application. They can execute trades, provide users with market data, assess sentiment on social media, and interact with smart contracts through commands initiated via the Telegram interface. This type of bot has existed for years, but they have gained attention in recent years with the emergence of Telegram bot tokens.

Telegram bot tokens are native tokens integrated into Telegram bots, primarily used for diverse trading functions, such as executing DEX trades, managing portfolios across wallets, liquidity mining, and other DeFi-related operations. These tokens essentially allow users to interface with the entire DeFi ecosystem solely through interactions with the Telegram interface.

Since the end of July this year, the popularity of these tokens has surged, with some tokens even increasing by over 1000%. Especially after Unibot emerged, a large number of Telegram bot tokens have appeared. Currently, CoinMarketCap lists 73 Telegram bot tokens.

Unibot - A New Problem in Cryptocurrency Security

The vulnerability in Unibot indicates that its smart contracts have permission flaws, which may allow users' tokens to be moved beyond designated limits or accessed without authorization, raising concerns.

Before transferring the stolen assets to Tornado.Cash, the attacker first moved them to the decentralized exchange Uniswap. In the crypto world, Tornado.Cash often becomes the center of attention for hacker attacks and exploitations. Several members of the protocol development team were accused in August of assisting hackers in laundering over $1 billion, including funds from North Korean entities. Compared to the arrests and subsequent penalties, the number of users utilizing this privacy protocol has decreased by 90%.

A week before Unibot was attacked, some LastPass users reported losing $4.4 million in cryptocurrency. Security experts pointed out that this could be due to a LastPass vulnerability from last December, although frequent vulnerabilities over the past ten months have left many confused, as they seem to lack a pattern.

Another major vulnerability in the cryptocurrency space is the cross-chain bridges that allow users to transfer assets between incompatible networks. The lending platform Exactly, which relies on Optimism, was hacked in August, resulting in a loss of $7 million. The Ronin cross-chain bridge of Axie Infinity was exploited by hackers in March 2022, causing losses of approximately $622 million; additionally, there was the Wormhole cryptocurrency platform vulnerability incident, where hackers stole an astonishing $320 million.

These incidents continually remind us that as cryptocurrency continues to evolve into the mainstream market, these security issues are unavoidable challenges.

How to Protect Your Assets on Telegram

Telegram has become one of the most commonly used messaging applications in the cryptocurrency community. Every significant blockchain project and cryptocurrency community has a Telegram account where they create channels and groups to encourage interaction and community building. The widespread use of Telegram makes it a valuable tool for cryptocurrency enthusiasts to learn more and discuss their favorite projects, but it has also attracted the attention of hackers.

Let's outline some common cryptocurrency scams on Telegram and how to protect your assets:

Phishing and Message Scams

On Telegram, phishing takes the form of "Smishing" (SMS phishing). The goal is to extract sensitive data, often targeting high-profile individuals with "whaling" or "spear phishing" attacks.

Phishing scams on Telegram typically occur through messaging. There are broad-based attempts to send malicious deceptive messages to as many people as possible. More often, the targets are sensitive data extraction through "spear phishing" and "whaling" attacks aimed at organizations and well-known individuals.

Off-Platform Scams

These scams lure users away from the platform and encourage them to click links, potentially tricking users into sharing personal information or downloading malware.

Impersonation Scams

Scammers create fake Telegram channels or groups that mimic real channels, making users believe they are part of the legitimate community. You can verify the authenticity of a channel by enabling admin-only posting in settings and restricting who can add you to the channel.

Impersonating Crypto Experts

Scammers on Telegram impersonate crypto experts and promise to increase your returns. They typically disappear immediately after collecting users' login information.

Pump and Dump Schemes

These scams promote events that may impact prices, urging users to invest or sell. Be cautious when receiving unsolicited investment advice in private messages.

Telegram Bots

While Telegram bots can be useful, some hackers create fake bots. Avoid bots that rush you to take action, check their phone numbers and posted content, and never share sensitive information.

Technical Support Scams

Scammers impersonate support personnel in Telegram channels. Never share confidential information with so-called support staff, whether they are bots or real people.

Fake Giveaways

Be wary of giveaways that ask you to provide bank details or request payment to claim prizes, as these are likely scams.

Since Telegram encompasses nearly all cryptocurrency projects, with numerous communities, scammers view it as an attractive platform. Therefore, it is crucial to avoid disclosing personal information, transferring funds, or clicking on suspicious links.